Lucene search
+L

936 matches found

Cvelist
Cvelist
added 2026/01/28 1:28 a.m.43 views

CVE-2026-1513

billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...

0.00158EPSS
Exploits0References1
CVE
CVE
added 2026/01/28 1:28 a.m.58 views

CVE-2026-1513

CVE-2026-1513 affects billboard.js prior to 3.18.0, enabling cross-site scripting via improper sanitization during chart option binding. Multiple sources (Red Hat, OSV, Snyk) confirm an XSS risk in the affected library. Remediation: upgrade billboard.js to 3.18.0-next.2 or higher (per OSV/Snyk gu...

6.1CVSS6AI score0.00158EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.5 views

PT-2026-5054

billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...

6AI score0.00158EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/27 10:47 p.m.4 views

Relative Path Traversal

Overview @vltpkg/tar is an An extremely limited and very fast tar extractor Affected versions of this package are vulnerable to Relative Path Traversal via improper sanitization of file paths during the extraction process. An attacker can overwrite arbitrary files on the filesystem by crafting ta...

5.9CVSS6AI score0.0018EPSS
Exploits0References2
NVD
NVD
added 2026/01/26 7:16 a.m.10 views

CVE-2025-14316

The AhaChat Messenger Marketing WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS0.00188EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 9:48 p.m.5 views

CVE-2025-9289

A Cross-Site Scripting XSS vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If...

5.7CVSS5.7AI score0.00173EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:52 p.m.4 views

CVE-2025-69045

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FooEvents FooEvents for WooCommerce fooevents allows SQL Injection.This issue affects FooEvents for WooCommerce: from n/a through = 1.20.4...

8.5CVSS5.5AI score0.0033EPSS
Exploits0References2
Veracode
Veracode
added 2026/01/20 12:37 p.m.8 views

Cross-site Scripting (XSS)

october/system is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization in backend configuration stylesheet fields, which allows an attacker with backend customization privileges to inject malicious HTML or JavaScript and execute arbitrary scripts across...

6.1CVSS5.8AI score0.00183EPSS
Exploits0References2Affected Software2
RedhatCVE
RedhatCVE
added 2026/01/17 6:24 a.m.10 views

CVE-2026-23769

lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files...

6.5CVSS7.2AI score0.00198EPSS
Exploits0References1
OSV
OSV
added 2026/01/16 6:15 a.m.6 views

CVE-2026-23769

lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files...

6.1CVSS5.9AI score0.00198EPSS
Exploits0References2
NVD
NVD
added 2026/01/16 6:15 a.m.7 views

CVE-2026-23769

lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files...

6.5CVSS0.00198EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/16 5:23 a.m.3 views

CVE-2026-23769

lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files...

6.5CVSS5.6AI score0.00198EPSS
Exploits0References3
CVE
CVE
added 2026/01/16 5:23 a.m.17 views

CVE-2026-23769

CVE-2026-23769 affects lucy-xss-filter. The issue arises from improper sanitization due to misconfigured default superset rule files, enabling an attacker to execute malicious JavaScript. The noted vulnerable state involves versions prior to commit e5826c0. Red Hat and other sources confirm impac...

6.5CVSS6.8AI score0.00198EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/01/16 5:23 a.m.37 views

CVE-2026-23769

lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files...

0.00198EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/13 9:51 p.m.12 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview quill is a modern rich text editor built for compatibility and extensibility. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' due to the improper sanitazation in the getHTML function. An...

5.1CVSS7.1AI score0.00221EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/12 12:0 a.m.11 views

PT-2026-1747

Name of the Vulnerable Software and Affected Versions The Quiz Maker WordPress plugin versions prior to 6.7.0.89 Description The software does not properly sanitize and escape certain settings, potentially allowing users with high privileges, such as administrators, to carry out Stored Cross-Site...

4.8CVSS4.7AI score0.00185EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 10:44 a.m.9 views

CVE-2022-0255

The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue...

7.2CVSS7.5AI score0.01285EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:33 a.m.6 views

CVE-2024-39123

In janeczku Calibre-Web 0.6.0 to 0.6.21, the editbookcomments function is vulnerable to Cross Site Scripting XSS due to improper sanitization performed by the cleanstring function. The vulnerability arises from the way the cleanstring function handles HTML sanitization...

5.4CVSS5.8AI score0.22894EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:17 a.m.9 views

CVE-2025-23039

Caido is a web security auditing toolkit. A Cross-Site Scripting XSS vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and response editors. This issue could allow an attacker to execute arbitrary scripts, potentially leading to...

5.2CVSS6.2AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:52 a.m.11 views

CVE-2021-33886

An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to gain user-level command-line access by passing a raw external string straight through to printf statements. The attacker is required to be on the same network as t...

8.8CVSS7.2AI score0.00827EPSS
Exploits1References1
Rows per page
Query Builder