Lucene search
+L

319 matches found

Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.20 views

PT-2026-38418

Name of the Vulnerable Software and Affected Versions Open Notebook version 1.8.3 Description Insufficient user input sanitization allows an application user to perform Server-Side Template Injection SSTI, a flaw where an attacker can inject malicious templates into a server-side engine. This...

10CVSS6AI score0.0023EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/07 6:1 p.m.16 views

CVE-2026-39341 SQL injection in ChurchCRM.0

ChurchCRM is an open-source church management system. Prior to 7.1.0, the application is vulnerable to time-based SQL injection due to an improper input validation. Endpoint Reports/ConfirmReportEmail.php?familyId= is not correctly sanitising user input, specifically, the sanitised input is not...

8.1CVSS0.0028EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.6 views

CVE-2026-2466

The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.8AI score0.00145EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.6 views

PT-2026-27516

Name of the Vulnerable Software and Affected Versions ActiveMatrix BusinessWorks and Enterprise Administrator affected versions not specified Description The software contains injection flaws stemming from inadequate validation or sanitization of user-provided input. This can lead to the disclosu...

8.7CVSS5.8AI score0.00333EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.17 views

PT-2026-22084

Name of the Vulnerable Software and Affected Versions Drupal Tagify versions prior to 1.2.49 Description The Tagify module for Drupal does not properly sanitize user-provided input before using it in JavaScript templates within the Tagify widget. This allows for the execution of arbitrary...

5.4CVSS6.2AI score0.00136EPSS
Exploits0References5
Debian
Debian
added 2026/02/20 7:20 p.m.9 views

[SECURITY] [DSA 6147-1] pillow security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6147-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 20, 2026 https://www.debian.org/security/faq -...

8.6CVSS6.1AI score0.00367EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/02/06 6:34 p.m.10 views

SCEditor has DOM XSS via emoticon URL/HTML injection

If an attacker has the ability control configuration options passed to sceditor.create, like emoticons, charset, etc. then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration options. Proof of concept: js sceditor.createtextarea, emoticons: dropdown: ':':...

5.4CVSS5.3AI score0.00216EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/16 6:56 a.m.18 views

CVE-2025-13355

The URL Shortify WordPress plugin before 1.11.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.1AI score0.00147EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/25 6:2 a.m.8 views

CVE-2024-14015

The WordPress eCommerce Plugin WordPress plugin through 2.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.1AI score0.00376EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/24 12:0 a.m.10 views

PT-2025-47883

Name of the Vulnerable Software and Affected Versions WordPress eCommerce Plugin versions through 2.9.0 Description The WordPress eCommerce Plugin does not properly sanitize and escape a parameter before displaying it on a page. This can lead to a Reflected Cross-Site Scripting XSS issue,...

7.1CVSS5.3AI score0.00376EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/11/09 12:0 a.m.7 views

Fedora 42 : xen (2025-ec271ef07b)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-ec271ef07b advisory. Incorrect removal of permissions on PCI device unplug XSA-476, CVE-2025-58149 ---- x86: Incorrect input sanitisation in Viridian hypercalls XSA-475,...

7.5CVSS5.9AI score0.00396EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2025/10/28 4:40 p.m.6 views

Security update for xen

This update for xen fixes the following issues: CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls bsc1251271, XSA-475 CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed mutiple vulnerabilities in the Viridian interface bsc1248807, XSA-472 Patch...

7CVSS7.1AI score0.00435EPSS
Exploits0References14
OSV
OSV
added 2025/10/28 4:40 p.m.3 views

SUSE-SU-2025:3843-1 Security update for xen

This update for xen fixes the following issues: - CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls bsc1251271, XSA-475 - CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed mutiple vulnerabilities in the Viridian interface bsc1248807, XSA-472...

9.8CVSS5.8AI score0.00435EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/10/28 12:0 a.m.3 views

SUSE SLED15: xen / xen-devel / xen-doc-html / xen-libs / xen-libs-32bit / etc (SUSE-SU-2025:3798-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3798-1 advisory. - CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls...

9.8CVSS5.8AI score0.00435EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2025/10/28 12:0 a.m.5 views

SUSE SLES15: xen / xen-devel / xen-libs / xen-tools / xen-tools-domU / etc (SUSE-SU-2025:3797-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3797-1 advisory. - CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls bsc1251271, XSA-475 - CVE-2025-27466,...

9.8CVSS5.8AI score0.00435EPSS
Exploits0References13
SUSE Linux
SUSE Linux
added 2025/10/27 7:58 a.m.6 views

Security update for xen

This update for xen fixes the following issues: CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls bsc1251271, XSA-475 CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed mutiple vulnerabilities in the Viridian interface bsc1248807, XSA-472 Patch...

7CVSS7.1AI score0.00435EPSS
Exploits0References16
OSV
OSV
added 2025/10/27 7:58 a.m.4 views

SUSE-SU-2025:3798-1 Security update for xen

This update for xen fixes the following issues: - CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls bsc1251271, XSA-475 - CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed mutiple vulnerabilities in the Viridian interface bsc1248807, XSA-472...

9.8CVSS7.1AI score0.00435EPSS
Exploits0References9
SUSE Linux
SUSE Linux
added 2025/10/27 7:58 a.m.2 views

Security update for xen

This update for xen fixes the following issues: CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls bsc1251271, XSA-475 CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed mutiple vulnerabilities in the Viridian interface bsc1248807, XSA-472 Patch...

7CVSS7AI score0.00435EPSS
Exploits0References14
OSV
OSV
added 2025/10/27 7:58 a.m.3 views

SUSE-SU-2025:3797-1 Security update for xen

This update for xen fixes the following issues: - CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls bsc1251271, XSA-475 - CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed mutiple vulnerabilities in the Viridian interface bsc1248807, XSA-472...

9.8CVSS7.1AI score0.00435EPSS
Exploits0References8
Hacker One
Hacker One
added 2025/10/25 4:42 a.m.13 views

Revive Adserver: Improper sanitisation of input in the settings could cause DoS

A vulnerability was found in the settings functionality of the application where attacker-controlled values in the emailfromName and emailfromCompany fields were persisted and later rendered to pages without proper output encoding. This could have led to the execution of arbitrary JavaScript in t...

2.7CVSS6.8AI score0.00413EPSS
Exploits1
Rows per page
Query Builder