Lucene search
+L

143 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-48030

Malicious code in bioql PyPI...

7.1CVSS6.8AI score0.13922EPSS
Exploits1References2
nvd
nvd
added 2025/09/09 5:16 p.m.4 views

CVE-2025-58987

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AntoineH Football Pool football-pool allows Stored XSS.This issue affects Football Pool: from n/a through = 2.12.6...

6.5CVSS0.00154EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/08/30 6:19 p.m.3 views

CVE-2025-48316

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ItayXD Responsive Mobile-Friendly Tooltip responsive-mobile-friendly-tooltip allows Stored XSS.This issue affects Responsive Mobile-Friendly Tooltip: from n/a through = 1.6.6...

6.5CVSS5.9AI score0.0019EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/08/11 8:29 a.m.17 views

CVE-2025-8022

Versions of the package bun after 0.0.12 are vulnerable to Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the $ shell API due to improper neutralization of user input. An attacker can exploit this by providing specially crafted input that includes...

8.8CVSS6.6AI score
Exploits0References1
redhatcve
redhatcve
added 2025/08/02 8:22 p.m.6 views

CVE-2025-54433

Bugsink is a self-hosted error tracking service. In versions 1.4.2 and below, 1.5.0 through 1.5.4, 1.6.0 through 1.6.3, and 1.7.0 through 1.7.3, ingestion paths construct file locations directly from untrusted eventid input without validation. A specially crafted eventid can result in paths outsi...

7.2CVSS6.2AI score0.00538EPSS
Exploits0References1
osv
osv
added 2025/07/23 6:33 a.m.17 views

GHSA-4J66-8F4R-3PJX bun vulnerable to OS Command Injection

All versions of the package bun are vulnerable to Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the $ shell API due to improper neutralization of user input. An attacker can exploit this by providing specially crafted input that includes command-line...

8.8CVSS6.5AI score
Exploits0References4
github
github
added 2025/07/23 6:33 a.m.18 views

Withdrawn Advisory: bun vulnerable to OS Command Injection

Withdrawn Advisory This advisory has been withdrawn because it does not describe a vulnerability in Bun itself. See the following rejection message from the CVE Numbering Authority: Rejected reason: Bun Shell does not invoke /bin/sh, or any other interpreter, for template literals created with th...

6.8AI score
Exploits0References4Affected Software1
vulnrichment
vulnrichment
added 2025/07/23 5:0 a.m.6 views

CVE-2025-8022

...

6.3AI score
Exploits0
cve
cve
added 2025/07/23 5:0 a.m.90 views

CVE-2025-8022

CVE-2025-8022 entry is rejected/not used and does not represent an active vulnerability.

6.3AI score
Exploits0
redhatcve
redhatcve
added 2025/07/13 7:15 a.m.11 views

CVE-2025-5392

The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the gbfdbtalktofront function. This is due to the function accepting user input and then passing that through calluserfunc. This makes it possible for unauthenticated...

9.8CVSS7.4AI score0.00838EPSS
Exploits0References1
cnvd
cnvd
added 2025/07/11 12:0 a.m.3 views

Endress+Hauser MEAC300-FNADE4 Cross-Site Scripting Vulnerability (CNVD-2025-16357)

The Endress+Hauser MEAC300-FNADE4 is a cost-effective emissions data management computer from Endress+Hauser Vietnam. The Endress+Hauser MEAC300-FNADE4 suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied dat...

7.4CVSS6.6AI score0.00284EPSS
Exploits0References1
cvelist
cvelist
added 2025/07/09 12:0 a.m.14 views

CVE-2025-52357

Cross-Site Scripting XSS vulnerability exists in the ping diagnostic feature of FiberHome FD602GW-DX-R410 router firmware V2.2.14, allowing an authenticated attacker to execute arbitrary JavaScript code in the context of the router s web interface. The vulnerability is triggered via user-supplied...

0.00269EPSS
Exploits2References2
osv
osv
added 2025/06/26 9:20 p.m.6 views

GHSA-6F6R-M9PV-67JW iOS Simulator MCP Command Injection allowed via exec API

Command Injection in MCP Server The MCP Server at https://github.com/joshuayoes/ios-simulator-mcp/ is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. Vulnerable tool The MCP Server exposes the too...

6CVSS7.9AI score0.00658EPSS
Exploits0References6
github
github
added 2025/06/26 9:20 p.m.17 views

iOS Simulator MCP Command Injection allowed via exec API

Command Injection in MCP Server The MCP Server at https://github.com/joshuayoes/ios-simulator-mcp/ is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. Vulnerable tool The MCP Server exposes the too...

6CVSS7.9AI score0.00658EPSS
Exploits0References6Affected Software1
cvelist
cvelist
added 2025/06/26 2:8 p.m.16 views

CVE-2025-52573 Command Injection in MCP Server ios-simulator-mcp

iOS Simulator MCP Server ios-simulator-mcp is a Model Context Protocol MCP server for interacting with iOS simulators. Versions prior to 1.3.3 are written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. T...

6CVSS0.00658EPSS
Exploits0References4
cnvd
cnvd
added 2025/06/17 12:0 a.m.2 views

WordPress Animated Buttons Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Animated Buttons, which stems from insufficient cleanup and escaping of user-supplied attribute inputs in the...

6.4CVSS6.2AI score0.00203EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 11:57 a.m.5 views

CVE-2025-0193

A stored Cross-site Scripting XSS vulnerability exists in the MGate 5121/5122/5123 Series firmware version v1.0 because of insufficient sanitization and encoding of user input in the "Login Message" functionality. An authenticated attacker with administrative access can exploit this vulnerability...

5.2CVSS5.7AI score0.00287EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 10:23 a.m.6 views

CVE-2024-40519

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by adminsmtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain...

8.8CVSS8.4AI score0.0108EPSS
Exploits1
redhatcve
redhatcve
added 2025/05/23 5:24 a.m.7 views

CVE-2023-52192

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS.This issue affects Keap Official Opt-in Forms: from n/a through 1.0.11...

6.5CVSS6.7AI score0.00322EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 4:53 a.m.6 views

CVE-2023-20019

A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Application Server, and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user ...

6.1CVSS6.2AI score0.00588EPSS
Exploits0References1
Rows per page
Query Builder