Lucene search
K

754 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.9 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000856)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000856 advisory. The tcprcvstateprocess function in net/ipv4/tcpinput.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service kernel resource...

7.8CVSS7.9AI score0.03336EPSS
Exploits2References7
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.8 views

Softlink Oliver Library Server security vulnerability

Softlink Oliver Library Server is a library management system developed by the Australian company Softlink. Version 5 of Softlink Oliver Library Server contains a security vulnerability. This vulnerability stems from uncleaned inputs in the FileServlet endpoint, which may lead to the download of...

8.7CVSS5.9AI score0.00753EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/14 4:52 p.m.4 views

EUVD-2026-2450

html2pdf.js converts any webpage or element into a printable PDF entirely client-side. Prior to 0.14.0, html2pdf.js contains a cross-site scripting XSS vulnerability when given a text source rather than an element. This text is not sufficiently sanitized before being attached to the DOM, allowing...

8.7CVSS5.3AI score0.00324EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.9 views

PT-2026-2926

Name of the Vulnerable Software and Affected Versions html2pdf.js versions prior to 0.14.0 Description html2pdf.js converts webpages or elements into printable PDFs client-side. When provided with a text source instead of an element, versions prior to 0.14.0 do not sufficiently sanitize the text...

8.7CVSS6.5AI score0.00324EPSS
Exploits1References14
RedhatCVE
RedhatCVE
added 2026/01/09 12:41 p.m.7 views

CVE-2023-25367

Siglent SDS 1104X-E SDS1xx4X-EV6.1.37R9.ADS allows unfiltered user input resulting in Remote Code Execution RCE with SCPI interface or web server...

9.8CVSS7.7AI score0.0172EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:57 a.m.9 views

CVE-2020-12815

An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields...

5.4CVSS6.4AI score0.00851EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:5 a.m.7 views

CVE-2024-34766

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Automattic ChaosTheory allows Stored XSS.This issue affects ChaosTheory: from n/a through 1.3...

6.5CVSS6AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:34 a.m.17 views

CVE-2024-41116

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the visparams variable on line 1254 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 1345, leading to remote code...

9.8CVSS9.7AI score0.01322EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:32 a.m.9 views

CVE-2024-39631

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through = 23.1.2...

7.1CVSS5.9AI score0.00307EPSS
Exploits0References1
OSV
OSV
added 2026/01/08 3:55 p.m.7 views

USN-7946-2 gnupg vulnerability

USN-7946-1 fixed vulnerabilities in GnuPG 2.x. This update provides the corresponding updates for GnuPG 1.x. Original advisory details: It was discovered that GnuPG incorrectly handled crafted input. A remote attacker could possibly use this issue to crash the program, or execute arbitrary code...

7.8CVSS7.3AI score0.00129EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/05 8:45 p.m.4 views

EUVD-2025-206232

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a command injection vulnerability exists in the git source input fields of a resource, allowing a low privileged user member to execute syst...

9.4CVSS7.2AI score0.0194EPSS
Exploits2References2
EUVD
EUVD
added 2026/01/05 7:42 p.m.4 views

EUVD-2026-0823

badkeys vulnerable to ASCII control character injection on console via malformed input...

5.1CVSS6.8AI score0.00302EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/12/31 5:6 p.m.5 views

CVE-2025-62746

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodeFlavors Featured Video for WordPress - VideographyWP videographywp allows Stored XSS.This issue affects Featured Video for WordPress - VideographyWP: from n/a through = 1.0.18...

6.5CVSS5.9AI score0.00127EPSS
Exploits0References1
NVD
NVD
added 2025/12/29 10:15 p.m.9 views

CVE-2025-68607

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Stored XSS.This issue affects Custom Field Template: from n/a through = 2.7.7...

6.5CVSS0.0017EPSS
Exploits0References1
OSV
OSV
added 2025/12/26 3:30 a.m.15 views

GHSA-898P-HH3P-HF9R Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text

Gitea before 1.22.2 allows XSS because the search input box for creating tags and branches is v-html instead of v-text...

5.4CVSS6.2AI score0.00222EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/22 9:35 p.m.3 views

CVE-2023-53978 myBB Forums 1.8.26 Stored Cross-Site Scripting via Forum Announcements

myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum announcement system that allows authenticated administrators to inject malicious scripts when creating announcements. Attackers can exploit this vulnerability by inserting script payloads in the announcement titl...

5.4CVSS5.8AI score0.00198EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/09 2:52 p.m.35 views

CVE-2025-63042 WordPress Tutor LMS Elementor Addons plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons allows Stored XSS.This issue affects Tutor LMS Elementor Addons: from n/a through = 3.0.1...

6.5CVSS0.0022EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.7 views

PT-2025-49921

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FirePlugins FireBox firebox allows Stored XSS.This issue affects FireBox: from n/a through = 3.1.0-free...

6.5CVSS6AI score0.00162EPSS
Exploits0References3
Snyk
Snyk
added 2025/12/03 8:44 p.m.6 views

Arbitrary Command Injection

Overview mcp-server-kubernetes is a MCP server for interacting with Kubernetes clusters via kubectl Affected versions of this package are vulnerable to Arbitrary Command Injection via the execinpod tool. An attacker can execute arbitrary commands within Kubernetes pods by supplying crafted input...

8.8CVSS7.7AI score0.01309EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/03 6:6 a.m.14 views

Security Bulletin: IBM Automation Decision Services for October 2025 - Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2025-46653...

8.1CVSS7.7AI score0.26049EPSS
Exploits4Affected Software1
Rows per page
Query Builder