Lucene search
+L

936 matches found

Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.6 views

PT-2026-24958

Name of the Vulnerable Software and Affected Versions Canonical LXD versions 4.12 through 6.6 Description An improper sanitization of the compression algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API cal...

9.4CVSS6AI score0.00502EPSS
Exploits0References15
CVE
CVE
added 2026/03/11 6:28 p.m.16 views

CVE-2026-31877

Frappe (full-stack web framework) contains a SQL injection vulnerability prior to versions 15.84.0 and 14.99.0, exploitable via a specially crafted request to a certain endpoint. The issue can lead to information disclosure with high impact to confidentiality and integrity. The vulnerability is f...

9.8CVSS5.8AI score0.00285EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/11 6:28 p.m.2 views

CVE-2026-31877 Frappe SQL Injection due to improper field sanitization

Frappe is a full-stack web application framework. Prior to 15.84.0 and 14.99.0, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. This vulnerability is fixed in 15.84.0 and 14.99.0...

9.3CVSS5.8AI score0.00285EPSS
Exploits0References1
OSV
OSV
added 2026/03/11 6:28 p.m.3 views

CVE-2026-31877 Frappe SQL Injection due to improper field sanitization

Frappe is a full-stack web application framework. Prior to 15.84.0 and 14.99.0, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. This vulnerability is fixed in 15.84.0 and 14.99.0...

9.3CVSS5.8AI score0.00285EPSS
Exploits0References3
NVD
NVD
added 2026/03/11 4:16 p.m.4 views

CVE-2026-1090

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the markdownplaceholders feature flag was enabled, to inject JavaScript in a browser due to improper...

8.7CVSS0.00231EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/05 9:13 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the improper sanitization of HTML anchor tags in the comment and issue description functionality. An attacker can execute arbitrary JavaScript in the context of another user by injecting malicious links...

8.7CVSS5.8AI score0.00306EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2026/02/22 8:46 a.m.188 views

SQLi-Exfiltration-Lab

SQL Injection SQLi - Database Exfiltration Lab Overview...

6.1AI score
Exploits0
Veracode
Veracode
added 2026/02/21 5:5 a.m.8 views

Remote Code Execution (RCE)

craftcms/cms is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper sanitization of user-supplied configuration data in the assembleLayoutFromPost function before passing it to Craft::createObject, which allows an authenticated administrator to inject malicious Yii2...

8.6CVSS7.6AI score0.0097EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

WordPress plugin Smartsupp – live chat, AI shopping assistant and chatbots 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.00266EPSS
Exploits0References6
OSV
OSV
added 2026/02/12 8:51 a.m.14 views

BIT-MOODLE-2025-67849 Moodle: moodle: cross-site scripting (xss) via improper sanitization of ai prompt responses

A flaw was found in Moodle. This cross-site scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...

7.3CVSS5.1AI score0.00232EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/03 11:15 a.m.5 views

CVE-2025-67849

A flaw was found in Moodle. This cross-site scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...

7.3CVSS5.7AI score0.00232EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/03 10:52 a.m.35 views

CVE-2025-67849 Moodle: moodle: cross-site scripting (xss) via improper sanitization of ai prompt responses

A flaw was found in Moodle. This cross-site scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...

7.3CVSS0.00232EPSS
Exploits0References2
CVE
CVE
added 2026/02/03 10:52 a.m.39 views

CVE-2025-67849

CVE-2025-67849 affects Moodle with an XSS flaw caused by improper sanitization of AI prompt responses. The vulnerability allows injecting malicious HTML/script into pages viewed by other users, potentially stealing sessions or manipulating the UI. Connected sources (Nessus/NASL, CVE records, OSV/...

7.3CVSS5AI score0.00232EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.8 views

Kodmatic Online Exam and Assessment SQL Injection Vulnerability

Kodmatic Online Exam and Assessment is an online examination software developed by Kodmatic Corporation. Versions of Kodmatic Online Exam and Assessment prior to 30012026 contained a SQL injection vulnerability. This vulnerability stemmed from improper neutralization of special elements in SQL...

8.6CVSS5.9AI score0.00299EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/29 3:26 a.m.9 views

CVE-2026-1513

billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...

6.1CVSS6AI score0.00158EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 3:30 a.m.6 views

GHSA-RPC5-PM7Q-HJMP billboard.js is vulnerable to XSS during chart option binding

billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...

7.1CVSS6AI score0.00158EPSS
Exploits0References5
Snyk
Snyk
added 2026/01/28 2:47 a.m.2 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:billboard.js is a Re-usable easy interface JavaScript chart library, based on D3 v4+ Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper sanitization in the chart option binding. An attacker can execute arbitrary JavaScript code by...

7.1CVSS5.5AI score0.00158EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/28 2:47 a.m.5 views

Cross-site Scripting (XSS)

Overview billboard.js is a Re-usable easy interface JavaScript chart library, based on D3 v4+ Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper sanitization in the chart option binding. An attacker can execute arbitrary JavaScript code by supplying crafted...

7.1CVSS6AI score0.00158EPSS
Exploits0References2
OSV
OSV
added 2026/01/28 2:16 a.m.6 views

CVE-2026-1513

billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...

6.1CVSS5.5AI score0.00158EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/28 1:28 a.m.2 views

CVE-2026-1513

billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...

6AI score0.00158EPSS
Exploits0References1
Rows per page
Query Builder