Lucene search
K

9 matches found

OSV
OSV
added 2026/05/19 2:1 p.m.5 views

OPENSUSE-SU-2026:20771-1 Security update for perl-YAML-Syck

This update for perl-YAML-Syck fixes the following issues: Changes in perl-YAML-Syck: - updated to 1.450.0 1.45 Bug Fixes - Fix: use syckbase64free to fix Windows "Free to wrong pool" crash in base64 encode/decode buffers; also plugs a memory leak PR 189 - Fix: clear type tag on blessed scalar...

9.1CVSS6AI score0.00429EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/23 6:43 p.m.3 views

CVE-2026-33688 AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the password recovery endpoint at objects/userRecoverPass.php performs user existence and account status checks before validating the captcha. This allows an unauthenticated attacker to enumerate valid usernames a...

5.3CVSS5.8AI score0.00278EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/23 6:43 p.m.8 views

CVE-2026-33688

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the password recovery endpoint at objects/userRecoverPass.php performs user existence and account status checks before validating the captcha. This allows an unauthenticated attacker to enumerate valid usernames a...

5.3CVSS5.8AI score0.00278EPSS
Exploits1References3Affected Software1
RedHat Linux
RedHat Linux
added 2024/06/27 1:6 p.m.7 views

golang: html/template: errors returned from MarshalJSON methods may break template escaping

A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into...

5.4CVSS7.2AI score0.00795EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2024/05/22 11:47 a.m.3 views

golang: html/template: errors returned from MarshalJSON methods may break template escaping

A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into...

5.4CVSS7.2AI score0.00795EPSS
Exploits0References8
OSV
OSV
added 2024/03/05 11:15 p.m.2 views

DEBIAN-CVE-2024-24785

If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates...

5.4CVSS6.5AI score0.00795EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/12/06 2:4 a.m.5 views

SUSE CVE-2023-49080

The Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information...

4.1CVSS6.9AI score0.00841EPSS
Exploits0References3
OSV
OSV
added 2023/12/04 9:15 p.m.3 views

UBUNTU-CVE-2023-49080

The Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information...

4.3CVSS6.1AI score0.00841EPSS
Exploits0References5
OSV
OSV
added 2017/09/20 6:29 p.m.3 views

UBUNTU-CVE-2015-4707

Cross-site scripting XSS vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path...

6.1CVSS7.4AI score0.01762EPSS
Exploits0References3
Rows per page
Query Builder