Lucene search
K

108 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-0362

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00741EPSS
Exploits0References7
CVE
CVE
added 2025/07/30 2:29 p.m.21 views

CVE-2025-54433

Bugsink suffers from a Path Traversal vulnerability (CVE-2025-54433) where ingestion paths are constructed from unvalidated event_id input. Affected versions include 1.4.2 and earlier, 1.5.0–1.5.4, 1.6.0–1.6.3, and 1.7.0–1.7.3. An attacker with a valid DSN can craft an event_id to cause file writ...

7.2CVSS6.5AI score0.00538EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/07/23 12:0 a.m.4 views

PT-2025-30550 · Unknown · Main Web Interface

Name of the Vulnerable Software and Affected Versions: Apache affected versions not specified Description: An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to improper sanitizing of user input in the Main Web Interface. The vulnerable...

8.8CVSS7AI score0.00696EPSS
Exploits0References7
CVE
CVE
added 2025/07/20 12:0 a.m.91 views

CVE-2025-54314

CVE-2025-54314 is tied to Ruby’s Thor library. The IBM/endorsement bulletin confirms Thor versions before 1.4.0 can construct an unsafe shell command from library input. The vulnerability is mitigated by upgrading to Thor 1.4.0 or newer, as noted in official fixes; the supplier disputes the claim...

2.8CVSS6.4AI score0.00155EPSS
Exploits0References5
CNVD
CNVD
added 2025/07/14 12:0 a.m.7 views

WordPress Events Manager Plugin SQL Injection Vulnerability

WordPress Events Manager plugin is a full-featured event management tool that supports event registration, ticket sales, booking management and recurring event settings. The WordPress Events Manager plugin suffers from a SQL injection vulnerability that stems from the plugin's failure to adequate...

7.5CVSS7.6AI score0.55683EPSS
Exploits2References1
NVD
NVD
added 2025/07/07 10:15 a.m.7 views

CVE-2025-3466

langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictio...

9.8CVSS0.00712EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/06/09 12:0 a.m.4 views

PT-2025-24524 · Unknown · Wc Myparcel Belgium

Name of the Vulnerable Software and Affected Versions: WC MyParcel Belgium versions 4.5.5 through beta Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to...

7.1CVSS6.7AI score0.0018EPSS
Exploits0References4
CVE
CVE
added 2025/06/08 11:47 a.m.55 views

CVE-2025-27242

This CVE-2025-27242 affects OpenHarmony v5.0.3 and earlier, where an improper input handling vulnerability allows a local attacker to cause a denial of service. The root cause is input validation/handling weakness in the OpenHarmony security component (security_component_manager). Reported impact...

5.5CVSS3.9AI score0.00114EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/06/02 2:53 p.m.4 views

USN-7549-1 php-twig vulnerability

It was discovered that Twig did not correctly handle securing user input. An attacker could possibly use this issue to cause Twig to expose sensitive information if it opened a specially crafted file. CVE-2024-45411...

8.6CVSS7.3AI score0.00826EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 1:58 a.m.10 views

CVE-2023-47130

Yii is an open source PHP web framework. yiisoft/yii before version 1.1.29 are vulnerable to Remote Code Execution RCE if the application calls unserialize on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been developed for the 1.1.29...

9.8CVSS7.5AI score0.03147EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:55 p.m.6 views

CVE-2021-46034

A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vulnerability that can be injected through the nickname input box...

6.1CVSS6AI score0.00588EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 5:55 p.m.7 views

CVE-2020-25750

An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input $POST'xml' is used for simplexmlloadstring without sanitization. NOTE: This vulnerability only affects products...

7.5CVSS6.9AI score0.01145EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 10:22 a.m.9 views

CVE-2019-9094

A Reflected Cross Site Scripting XSS Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing JavaScript in the filename is echoed back in JavaScript code, which resulted in XSS...

6.1CVSS6AI score0.00822EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:18 a.m.4 views

CVE-2017-1002201

In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code...

6.1CVSS6.5AI score0.01452EPSS
Exploits1References1
CNVD
CNVD
added 2025/05/19 12:0 a.m.12 views

SAP Data Services Management Console Cross-Site Scripting Vulnerability

SAP Data Services Management Console is a console for managing and monitoring data services. A cross-site scripting vulnerability exists in SAP Data Services Management Console that stems from the system failing to adequately encode user-controlled input. An attacker could exploit the vulnerabili...

4.4CVSS6.2AI score0.0017EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/05 12:0 a.m.3 views

PT-2025-19739 · Unknown · Retrieval-Based-Voice-Conversion-Webui

Name of the Vulnerable Software and Affected Versions: Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior Description: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. The variables exp dir1, np7, and f0method8 take user input and pass it into...

9.8CVSS6.8AI score0.02259EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.4 views

PT-2025-17170 · Unknown · Rtpharry Bulk Page Stub Creator

Name of the Vulnerable Software and Affected Versions: rtpHarry Bulk Page Stub Creator versions n/a through 1.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This means an attacke...

7.1CVSS7.4AI score0.00235EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/04/10 12:0 a.m.13 views

Moodle < 3.9.20 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.20, 3.11.x prior to 3.11.13, 4.0.x prior to 4.0.7 or 4.1.x prior to 4.1.2. It is, therefore, affected by multiple vulnerabilities. - The course participation report required additional checks to...

9.8CVSS7.5AI score0.01195EPSS
Exploits0References21
Vulnrichment
Vulnrichment
added 2025/04/08 7:10 a.m.7 views

CVE-2025-26653 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)

SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting XSS vulnerability. This enables an attacker, without requiring any privileges, to inject malicious JavaScript into a website. When a user visits the compromised page,...

4.7CVSS5.9AI score0.00209EPSS
Exploits0References2
OSV
OSV
added 2025/04/03 2:10 p.m.3 views

BIT-JOOMLA-2020-13763

In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users...

7.5CVSS7AI score0.01227EPSS
Exploits0References2
Rows per page
Query Builder