Lucene search
K

184 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-13753

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONENEWUSER and the TIOCSTI ioctl. CLONENEWUSER could...

10CVSS6.7AI score0.02917EPSS
Exploits0References2
OSV
OSV
added 2025/07/08 7:15 a.m.3 views

CVE-2025-42956

SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, injected input data will be used by the web site page generation to create...

6.1CVSS5.6AI score0.00207EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/07 3:7 p.m.3 views

CVE-2025-53486 WikiCategoryTagCloud: Reflected Cross-Site Scripting (XSS) via linkstyle attribute in parser function

The WikiCategoryTagCloud extension is vulnerable to reflected XSS via the linkstyle attribute, which is improperly concatenated into inline HTML without escaping. An attacker can inject JavaScript event handlers such as onmouseenter using carefully crafted input via the tag:tagcloud parser...

6AI score0.00244EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/24 7:43 a.m.1 views

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

Overview apache-airflow-providers-snowflake is a Provider package apache-airflow-providers-snowflake for Apache Airflow Affected versions of this package are vulnerable to Failure to Sanitize Special Elements into a Different Plane Special Element Injection in the...

9.8CVSS8.1AI score0.00593EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2025/06/15 12:0 a.m.276 views

AirKeyboard iOS App 1.0.5 - Remote Input Injection

Exploit Title: AirKeyboard iOS App 1.0.5 - Remote Input Injection Date: 2025-06-13 Exploit Author: Chokri Hammedi Vendor Homepage: https://airkeyboardapp.com Software Link: https://apps.apple.com/us/app/air-keyboard/id6463187929 Version: Version 1.0.5 Tested on: iOS 18.5 with AirKeyboard app '''...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/05/26 12:0 a.m.86 views

📄 Remote for Windows 2024.15 Unauthenticated Arbitrary Input

Remote for Windows version 2024.15 allows for unauthenticated arbitrary input into the active window. Exploit Title: Remote for Windows 2024.15 - Unauthenticated Arbitrary Input into Active Window Date: 2025-05-23 Exploit Author: Chokri Hammedi Vendor Homepage: https://rs.ltd Software Link:...

7.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 7:45 a.m.9 views

CVE-2024-28831

Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up...

5.4CVSS6.2AI score0.00343EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:28 a.m.5 views

CVE-2023-36637

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields...

5.4CVSS6.6AI score0.00389EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:10 p.m.8 views

CVE-2021-45836

An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by injecting a maliciously crafted input in the request through /tos/index.php?app/handapp...

9CVSS7.6AI score0.02375EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 8:12 p.m.19 views

CVE-2021-39497

eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote function...

9.8CVSS6.7AI score0.02358EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:45 p.m.8 views

CVE-2020-14525

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users...

3.5CVSS4.2AI score0.00445EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:25 a.m.14 views

CVE-2019-10665

An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with...

9.8CVSS7.5AI score0.01482EPSS
Exploits1References1
OSV
OSV
added 2025/05/08 7:15 a.m.4 views

UBUNTU-CVE-2025-37814

In the Linux kernel, the following vulnerability has been resolved: tty: Require CAPSYSADMIN for all usages of TIOCLSELMOUSEREPORT This requirement was overeagerly loosened in commit 2f83e38a095f "tty: Permit some TIOCLSETSEL modes without CAPSYSADMIN", but as it turns out, 1 the logic I...

5.5CVSS6.7AI score0.00172EPSS
Exploits0References6
OSV
OSV
added 2025/05/07 6:15 p.m.2 views

CVE-2025-20193

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device.r This vulnerability is due to insufficient input validation. An attacker could exploit this...

6.5CVSS5.8AI score0.00355EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/05 12:0 a.m.3 views

Output Messenger 安全漏洞

Output Messenger is an enterprise-grade instant messaging and collaboration software from Output Messenger, Inc. that provides secure internal communications, file sharing, screen sharing, and remote desktop control. A security vulnerability exists in Output Messenger versions prior to 2.0.63,...

6.1CVSS8AI score0.0037EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/04/25 10:48 p.m.14 views

CVE-2025-0757

Overview The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. CWE-79 Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and...

4.4CVSS6.7AI score0.00262EPSS
Exploits0References1
NVD
NVD
added 2025/03/11 10:15 a.m.11 views

CVE-2025-27494

A vulnerability has been identified in SiPass integrated AC5102 ACC-G2 All versions V6.4.9, SiPass integrated ACC-AP All versions V6.4.9. Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileg...

9.4CVSS0.00466EPSS
Exploits0References1
Snyk
Snyk
added 2025/02/21 10:14 p.m.1 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the user details viewing functionality. An attacker can manipulate the host header in HTTP requests to gain unauthorized access to view...

8.8CVSS7AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/09 12:27 a.m.13 views

CVE-2024-52882

An issue was discovered in AudioCodes One Voice Operations Center OVOC before 8.4.582. Due to improper neutralization of input via the devices API, an attacker can inject malicious JavaScript code XSS to attack logged-in administrator sessions...

6.1CVSS6.6AI score0.00227EPSS
Exploits0References1
CVE
CVE
added 2025/02/07 12:0 a.m.82 views

CVE-2024-52882

CVE-2024-52882 affects AudioCodes One Voice Operations Center (OVOC) prior to 8.4.582. The issue stems from improper neutralization of input via the devices API, enabling an attacker to inject malicious JavaScript (XSS) that targets logged-in administrator sessions. Impact is limited to cross-sit...

6.1CVSS6.7AI score0.00227EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder