Lucene search
K

43 matches found

Vulnrichment
Vulnrichment
added 2026/03/13 9:43 p.m.5 views

CVE-2026-32732 XSS in @leanprover/unicode-input-component

Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...

5.7AI score0.00327EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/13 9:43 p.m.34 views

CVE-2026-32732 XSS in @leanprover/unicode-input-component

Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...

0.00327EPSS
Exploits0References3
CVE
CVE
added 2026/03/13 9:43 p.m.27 views

CVE-2026-32732

CVE-2026-32732 describes an XSS issue in Lean 4 VS Code Extension caused by the @leanprover/unicode-input-component. The component re-inserted text into the input element as unescaped HTML, making versions 0.1.9 and earlier vulnerable. The issue affects projects using the affected component and c...

5.7AI score0.00327EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.12 views

PT-2026-25402

Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...

5.7AI score0.00327EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/23 6:34 a.m.12 views

CVE-2024-39236

Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/componentmeta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself...

9.8CVSS9.5AI score0.00863EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/04/23 3:41 p.m.6 views

Malicious code in @sporta-technology/rn-components.text-input (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/02/24 12:0 a.m.5 views

The vulnerability of the Input component in the Linux operating system’s kernel allows a hacker to gain elevated privileges within the system.

The vulnerability of the Input component in the Linux operating system’s kernel is related to memory management errors after deallocation. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...

5.5CVSS6.5AI score0.00283EPSS
Exploits0References42Affected Software6
BDU FSTEC
BDU FSTEC
added 2025/01/13 12:0 a.m.4 views

The vulnerability of graphics drivers in microprogramming software for Intel processors arises from incorrect neutralization of special elements in the output data used by the input component. This allows attackers to exploit their privileges.

The vulnerability of graphic drivers in microprogramming software for Intel processors is related to incorrect neutralization of special elements in the output data used by the input component. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...

7.8CVSS5.4AI score0.00342EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.5 views

The vulnerability of the Input component in the Linux operating system’s kernel allows a hacker to gain elevated privileges within the system.

The vulnerability of the Input component in the Linux operating system’s kernel relates to the use of memory after it is freed in the rmiunregisterfunction function. Exploiting this vulnerability can allow an attacker to increase their privileges within the system...

8.8CVSS6.3AI score0.00242EPSS
Exploits0References26Affected Software5
BDU FSTEC
BDU FSTEC
added 2024/09/23 12:0 a.m.5 views

The vulnerability of the lsx_read_w_buf() function in the formats_i.c component of the SoX sound processing program allows a hacker to cause a service failure.

The vulnerability of the lsxreadwbuf function in the formsi.c component of the SoX sound processing program is related to the copying of buffers without checking the input data. Exploiting this vulnerability allows an attacker to cause a service failure using a specially created file...

5.5CVSS6.8AI score0.00457EPSS
Exploits1References11Affected Software4
Veracode
Veracode
added 2024/08/22 8:35 a.m.12 views

Code Injection

SquirrellyJS is vulnerable to Code Injection. The vulnerability is due to improper handling of input in the options.varName component of SquirrellyJS, allowing an attacker to inject and execute arbitrary code...

9.8CVSS7.4AI score0.01135EPSS
Exploits2References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/05/17 12:0 a.m.6 views

The vulnerability of the XML input component of the software tool for working with Oracle Web Applications and Oracle E-Business Suite desktop integration solutions for enterprise automation activities allows a malicious individual to gain unauthorized access to data or to modify, add, or delete protected data.

The vulnerability of the XML input component of the software tool for working with Oracle Web Applications, a desktop integration system for automating business activities within the Oracle E-Business Suite, is related to insufficient validation of entered data. Exploiting this vulnerability can...

4.3CVSS7.2AI score0.00417EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2024/04/16 12:0 a.m.5 views

PT-2024-3528 · Oracle · Oracle Web Applications Desktop Integrator

Name of the Vulnerable Software and Affected Versions: Oracle Web Applications Desktop Integrator versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the XML input component of Oracle Web Applications Desktop Integrator, part of the Oracle...

4.3CVSS7AI score0.00417EPSS
Exploits0References4
OSV
OSV
added 2024/03/01 11:15 p.m.7 views

CVE-2024-24512

Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component...

6.1CVSS6.2AI score0.00528EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2023/10/13 12:0 a.m.4 views

The vulnerability of the Input component in the Google Chrome browser allows attackers to perform spoofing attacks.

The vulnerability of the Input component in Google Chrome browser is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to carry out spam attacks using a specially created HTML page...

5CVSS5.4AI score0.00684EPSS
Exploits0References13Affected Software5
Positive Technologies
Positive Technologies
added 2023/10/10 12:0 a.m.6 views

PT-2023-5912 · Google +4 · Google Chrome +4

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 118.0.5993.70 Description: The issue is related to an inappropriate implementation in the Input component of Google Chrome, which allowed a remote attacker to spoof security UI via a crafted HTML page. This cou...

9.8CVSS6.3AI score0.99694EPSS
Exploits128References1114
Veracode
Veracode
added 2023/10/09 5:25 p.m.23 views

Spoofing Attack

chromium is vulnerable to Spoofing Attack. The vulnerability exists due to the inappropriate implementation in the Input component of the library, which allows an attacker to spoof security UI via a maliciously crafted HTML page...

4.3CVSS6.5AI score0.00663EPSS
Exploits0References8Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/09/26 12:0 a.m.8 views

The vulnerability of the Input component in the Google Chrome browser allows a hacker to replace the user interface.

The vulnerability of the Input component in Google Chrome browser is related to the improper use of standard permissions. Exploiting this vulnerability allows a malicious actor to replace the user interface with a specially created HTML page...

5CVSS5.5AI score0.00663EPSS
Exploits0References11Affected Software5
Positive Technologies
Positive Technologies
added 2023/09/12 12:0 a.m.6 views

PT-2023-5469 · Google +2 · Google Chrome +2

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 117.0.5938.62 Description: The issue is related to an inappropriate implementation in the Input component of Google Chrome, which can be exploited by a remote attacker to spoof the security UI via a crafted HTM...

9.8CVSS6.4AI score0.99694EPSS
Exploits133References1113
SUSE CVE
SUSE CVE
added 2023/02/15 3:32 a.m.3 views

SUSE CVE-2022-2613

Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions...

8.8CVSS9.2AI score0.00763EPSS
Exploits0References5
Rows per page
Query Builder