Lucene search
K

24584 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.7 views

Automated Logic WebCTRL Premium Server Improper Neutralization of Input During Web Page Generation (CVE-2024-8528)

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. User input is not properly sanitized, allowing injection of malicious scripts into web pages viewed by...

5.4CVSS5.8AI score0.00106EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51321

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A sanitize-then-interpolate ordering bug exists in the geomap panel's XYZ tile layer. The sanitizeTextPanelContent function processes the raw template string...

7.3CVSS5.7AI score0.0025EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/19 2:21 p.m.16 views

undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

Impact undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 §5.4 does not specify any decoding and browsers do not decode either. Applications that parse a...

5.9CVSS6AI score0.00257EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/06/19 6:17 a.m.15 views

CVE-2026-12157

The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient...

6.4CVSS0.00212EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/19 4:31 a.m.13 views

EUVD-2026-37980

The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score0.00193EPSS
Exploits0References4
NVD
NVD
added 2026/06/18 8:16 a.m.14 views

CVE-2026-12136

The Customize My Account For Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sysbasicsuseravatar' shortcode in versions up to, and including, 4.3.6. This is due to insufficient input sanitization and output escaping on user supplied attributes minheight,...

6.4CVSS0.00193EPSS
Exploits0References5
CVE
CVE
added 2026/06/18 6:50 a.m.29 views

CVE-2026-12136

CVE-2026-12136 affects the WordPress plugin “Customize My Account for WooCommerce” up to version 4.3.6. The root cause is insufficient input sanitization and output escaping on shortcode attributes (min_height, min_width, max_height, max_width) used by sysbasics_user_avatar, which are concatenate...

6.4CVSS5.6AI score0.00193EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2026/06/17 12:0 a.m.2 views

The vulnerability of the OpenNebula cloud management platform for virtual machines, related to the lack of measures taken to sanitize input data, allows a perpetrator to trigger a service failure.

The vulnerability of the OpenNebula cloud management platform for virtual machines is related to the lack of measures taken to sanitize input data. Exploiting this vulnerability could allow a malicious actor to trigger service failures...

10CVSS5.8AI score0.01536EPSS
Exploits0References5Affected Software2
Snyk
Snyk
added 2026/06/16 11:38 p.m.11 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the NoScript component when untrusted input is interpolated into its slot content. An attacker can inject malicious HTML or scripts by supplying specially crafted data that is rendered unescaped in the...

6.1CVSS6AI score0.00209EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/16 11:38 p.m.12 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:nuxt is a Affected versions of this package are vulnerable to Cross-site Scripting XSS via the NoScript component when untrusted input is interpolated into its slot content. An attacker can inject malicious HTML or scripts by supplying specially crafted data that is...

6.1CVSS5.9AI score0.00209EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/16 9:13 p.m.8 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via insufficient sanitization of input passed to the aria2c external...

9.6CVSS6.4AI score0.00406EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 5:22 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the two-way property binding. An attacker can execute arbitrary JavaScript in the context of the user's browser by supplying crafted input to a sensitive DOM property bound with two-way binding syntax. Note:...

8.3CVSS5.9AI score0.00195EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 4:51 p.m.39 views

@angular/core: Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS)

An issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component creation. Specifically, the dynamic component instantiation mechanism createComponent failed to reject mounting components directly onto a or namespaced script element such as . This...

6.1CVSS6.1AI score0.00238EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/15 12:0 p.m.15 views

CVE-2016-20070

CVE-2016-20070 affects WordPress plug‑in Booking Calendar Contact Form 1.0.23 . The vulnerability comprises a privilege escalation and a stored XSS flaw that allows authenticated, subscriber‑level users to modify plugin options and inject XSS payloads. Payloads can be supplied via parameters such...

6.4CVSS5.3AI score0.00231EPSS
Exploits0References3
OSV
OSV
added 2026/06/13 8:57 a.m.14 views

BIT-GITLAB-2026-10087 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code on behalf of a...

8.7CVSS5.9AI score0.00249EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/13 7:51 a.m.14 views

EUVD-2026-36648

The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...

6.4CVSS5.5AI score0.00199EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/13 2:34 a.m.17 views

CVE-2026-54057

A flaw was found in Kitty, a cross-platform GPU-based terminal. An input sanitization vulnerability in Kitty's OSC 21 color-control query reply allows an attacker to inject controlled bytes, including newlines, directly into the shell's input. This could enable an attacker to execute arbitrary co...

7.8CVSS5.5AI score0.00166EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.22 views

PT-2026-49091

Name of the Vulnerable Software and Affected Versions Bookly versions prior to 27.3 Description The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping...

7.2CVSS5.5AI score0.00312EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2026/06/12 12:51 p.m.9 views

CVE-2026-45669 Nuxt: Reflected XSS in `navigateTo()` external redirect

Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving ,...

5.3CVSS5.4AI score0.00164EPSS
Exploits1References2
OSV
OSV
added 2026/06/12 9:5 a.m.10 views

BIT-GITLAB-2026-8589 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to add unauthorized email addresses to a targeted user's account due to improper...

8.7CVSS5.3AI score0.00255EPSS
Exploits0References4
Rows per page
Query Builder