Lucene search
+L

936 matches found

NVD
NVD
added 2026/05/14 6:16 a.m.34 views

CVE-2026-6335

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in another user's browser session due to improper sanitization...

5.4CVSS0.00192EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/14 6:16 a.m.9 views

CVE-2025-12669

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to inject HTML and JavaScript into email notifications sent to other users due to improper input sanitizatio...

5.4CVSS5.8AI score0.00176EPSS
Exploits0References4
OSV
OSV
added 2026/05/14 6:16 a.m.8 views

UBUNTU-CVE-2026-6335

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in another user's browser session due to improper sanitization...

5.4CVSS6.2AI score0.00192EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/14 5:33 a.m.14 views

CVE-2026-6335

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in another user's browser session due to improper sanitization...

5.4CVSS6.2AI score0.00192EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/13 4:16 p.m.13 views

CVE-2026-41219

An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privileged attacker to read sensitive information from a QKView file. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

7.1CVSS0.00277EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 2:12 p.m.36 views

CVE-2026-41219 BIG-IP QKView vulnerability

An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privileged attacker to read sensitive information from a QKView file. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

7.1CVSS0.00277EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 2:12 p.m.7 views

CVE-2026-41219 BIG-IP QKView vulnerability

An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privileged attacker to read sensitive information from a QKView file. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

7.1CVSS5.8AI score0.00277EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.17 views

PT-2026-40659

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IQ versions prior to 17.5.1.4 Description An improper sanitization issue in the QKView utility allows a low-privileged attacker to read sensitive information from a QKView file. Recommendations Updat...

7.1CVSS5.8AI score0.00277EPSS
Exploits0References4
OSV
OSV
added 2026/05/12 8:56 a.m.9 views

BIT-PHP-2026-6735 XSS within PHP-FPM status endpoint

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

8.8CVSS6.2AI score0.0021EPSS
Exploits1References2
Patchstack
Patchstack
added 2026/05/11 7:37 p.m.14 views

NPM: Mermaid: Improper sanitization of configuration leads to CSS injection

NPM: Mermaid: Improper sanitization of configuration leads to CSS injection vulnerability discovered by ? in WordPress Npm mermaid versions = 10.9.5...

5.8AI score0.00398EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 7:37 p.m.13 views

Mermaid: Improper sanitization of configuration leads to CSS injection

Impact Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration options. Live demo: mermaid.live Example code: %%init: "fontFamily": "x;ab :not&background:green !important cd"%% flowchart LR A --...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/05/11 7:36 p.m.10 views

GHSA-XCJ9-5M2H-648R Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection

Details The state diagram and any other diagram type that routes user-controlled style strings through createCssStyles parser for Mermaid v11.14.0 and earlier captures classDef values with an unrestricted regex: jison // packages/mermaid/src/diagrams/state/parser/stateDiagram.jison:83 ^\n...

5.3CVSS5.8AI score0.00338EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/05/10 5:16 a.m.10 views

CVE-2026-6735

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

8.8CVSS6AI score0.0021EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/05/10 3:27 a.m.11 views

CVE-2026-6735

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

8.8CVSS6.2AI score0.0021EPSS
Exploits1
Veracode
Veracode
added 2026/05/09 5:36 a.m.13 views

SQL Injection

CKAN is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of input in datastoresearchsql, which allows an attacker to inject arbitrary SQL queries and gain access to private resources and PostgreSQL system information...

9.8CVSS6AI score0.01815EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/05/08 10:21 p.m.11 views

Cross-site Scripting (XSS)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering process of the pending user overlay content due to improper sanitization order. An attacker can execute arbitrary JavaScript in the browser context of affected users ...

4.8CVSS5.8AI score0.0017EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/08 12:0 a.m.9 views

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-milvus-store is a Spring AI Vector Store - Milvus Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the MilvusVectorStoredoDeleteList implementation. An attacker can inject filter...

8.8CVSS5.7AI score0.00353EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/07 6:30 p.m.15 views

EUVD-2026-28391

A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /addmembers.php. This vulnerability affects the file upload functionality, where improper file sanitization allows attackers to inject malicious files which leads RCE...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References3
OSV
OSV
added 2026/05/07 6:30 p.m.10 views

GHSA-587P-W43Q-4HJX query-parser-string is vulnerable to Prototype Pollution

NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object...

9.8CVSS5.8AI score0.00476EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/07 12:0 a.m.12 views

CVE-2026-36387

A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /addmembers.php. This vulnerability affects the file upload functionality, where improper file sanitization allows attackers to inject malicious files which leads RCE...

5.8AI score0.00255EPSS
Exploits0References2
Rows per page
Query Builder