Lucene search
K

20 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-16604

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00457EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-43614

Malicious code in bioql PyPI...

9.3CVSS6.5AI score0.00549EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 10:1 p.m.6 views

CVE-2022-30120

XSS in /dashboard/blocks/stacks/viewdetails/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot...

6.1CVSS6.1AI score0.0095EPSS
Exploits0References1
CVE
CVE
added 2025/02/11 7:21 a.m.52 views

CVE-2024-52612

Summary of CVE-2024-52612 (SolarWinds Platform): A reflected cross-site scripting vulnerability exists due to insufficient sanitation of input parameters. Exploitation requires authentication by a high-privileged account (and user interaction is typically required per NVD metrics), with impact on...

6.8CVSS6.4AI score0.00524EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/01/30 1:41 p.m.16 views

CVE-2024-12444 WP Dispensary <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP Dispensary plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdmenu' shortcode in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00264EPSS
Exploits0References3
Drupal
Drupal
added 2024/10/23 12:0 a.m.8 views

SVG Embed - Moderately critical - Cross site scripting - SA-CONTRIB-2024-050

This module enables you to embed the content of an SVG file into the body html of a node and optionally allows to translate text contained within the image. The module doesn't sufficiently sanitize the SVG file before embedding it into the html. This vulnerability is mitigated by the fact that an...

5.4CVSS7AI score0.00213EPSS
Exploits0References6
OSV
OSV
added 2022/06/25 12:0 a.m.26 views

GHSA-M2WW-6WV6-VW3C Cross site scripting in Concrete CMS

XSS in /dashboard/blocks/stacks/viewdetails/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot...

3.1CVSS6AI score0.0095EPSS
Exploits0References5
NVD
NVD
added 2022/06/24 3:15 p.m.18 views

CVE-2022-30119

XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-da...

6.1CVSS0.00853EPSS
Exploits0References3
Prion
Prion
added 2022/06/24 3:15 p.m.13 views

Design/Logic Flaw

XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-da...

4.3CVSS6AI score0.00853EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/05/17 3:43 p.m.11 views

SUSE-SU-2022:1717-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe bsc1192153. - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite bsc1191963. - CVE-2021-32804: Fixed...

9.8CVSS8.3AI score0.21514EPSS
Exploits6References19
OSV
OSV
added 2022/05/17 7:13 a.m.13 views

SUSE-SU-2022:1694-1 Security update for nodejs8

This update for nodejs8 fixes the following issues: - CVE-2021-44906: Fixed prototype pollution in npm dependency bsc1198247. - CVE-2021-44907: Fixed insuficient sanitation in npm dependency bsc1197283. - CVE-2022-0235: Fixed passing of cookie data and sensitive headers to different hostnames in...

9.8CVSS7.9AI score0.04581EPSS
Exploits2References7
OSV
OSV
added 2016/12/29 11:39 p.m.7 views

MGASA-2016-0430 Updated roundcubemail packages fix security vulnerability

Users can execute commands on the server by writing e-mails, due to insufficient sanitation of the from field when calling PHP's mail function CVE-2016-9920. Note that only roundcubemail installations that don't have an SMTP server configured for mail delivery are affected...

7.5CVSS7.7AI score0.05621EPSS
Exploits2References4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

PHPKIT 1.6.x 'b-day.php' Addon SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/38891/info PHPKIT 'b-day.php' addon is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2012/12/10 12:0 a.m.10 views

Cisco DPC2420 Cross Site Scripting / File Disclosure

Cisco DPC2420 router is prone to a file disclosure and to a XSS vulnerability because it fails to sufficiently sanitize user supplied data. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

7.1AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2012/02/22 12:0 a.m.25 views

Oracle Java Web Start java-vm-args Command Argument Injection Remote Code Execution

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java Webstar...

9CVSS7.6AI score
Exploits0References1
Exploit DB
Exploit DB
added 2010/08/05 12:0 a.m.34 views

Hulihan Applications BXR 0.6.8 - SQL Injection / HTML Injection

source: https://www.securityfocus.com/bid/42247/info Hulihan Applications BXR is prone to an SQL-injection vulnerability and multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to compromise the application,...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2009/07/03 12:0 a.m.28 views

PeaZIP < 2.6.2 RCE Vulnerability - Windows

PeaZIP is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS7.5AI score0.41422EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2009/07/03 12:0 a.m.26 views

PeaZIP Remote Code Execution Vulnerability (Windows)

This host is installed with PeaZIP and is prone to Remote Code Execution vulnerability. OpenVAS Vulnerability Test $Id: gbpeazipcodeexecvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ PeaZIP Remote Code Execution Vulnerability Windows Authors: Nikita MR Copyright: Copyright c 2009 Greenbone Networks...

9.3CVSS0.6AI score0.41422EPSS
Exploits3References2
exploitpack
exploitpack
added 2004/01/16 12:0 a.m.12 views

XtremeASP PhotoGallery 2.0 - Adminlogin.asp SQL Injection

XtremeASP PhotoGallery 2.0 - Adminlogin.asp SQL Injection source: https://www.securityfocus.com/bid/9438/info XtremeASP PhotoGallery is prone to an SQL injection vulnerability. The issue is reported to exist in the administration login interface, which does not sufficiently sanitize user-supplied...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2003/03/18 12:0 a.m.24 views

Mambo Site Server 4.0.10 - &#039;index.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/7135/info Mambo Site Server has been reported prone to a cross-site scripting vulnerability. It has been reported that certain user supplied URI parameters are not sufficiently sanitized by the Mambo Site Server. As a result of this deficiency an attacker...

7.4AI score
Exploits0
Rows per page
Query Builder