Lucene search
K

22 matches found

EUVD
EUVD
added 2026/07/02 5:35 a.m.9 views

EUVD-2026-41249

The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys meta key names in all versions up to, and including, 3.11.4. This is due to insufficient output escaping in the themeta function: while the custom field VALUE is sanitized with wpksespost...

6.4CVSS5.9AI score0.00217EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/02 5:35 a.m.40 views

CVE-2026-10089 Insert Pages <= 3.11.4 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Field Keys (Meta Key Names)

The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys meta key names in all versions up to, and including, 3.11.4. This is due to insufficient output escaping in the themeta function: while the custom field VALUE is sanitized with wpksespost...

6.4CVSS0.00217EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/08 1:52 a.m.48 views

lodash: lodash: Arbitrary code execution via untrusted input in template imports

A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. Additionally, .template uses assignInWith to merge imports, whi...

9.8CVSS6.4AI score0.01735EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-4114

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.04036EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/06/02 12:0 a.m.5 views

Gokapi 安全漏洞

Gokapi is a lightweight, self-hosted Firefox sending alternative from Marc Bulling Personal Developer. A security vulnerability exists in Gokapi versions prior to 2.0.0, which stems from a cross-site scripting attack that may result from the injection of JavaScript code when renaming API key...

5.4CVSS6.2AI score0.00117EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 10:51 a.m.39 views

BIT-ETCD-2023-32082 etcd key name can be accessed via LeaseTimeToLive API

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names not value associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...

4.3CVSS6.1AI score0.00744EPSS
Exploits0References5
OSV
OSV
added 2023/07/11 5:15 p.m.4 views

UBUNTU-CVE-2023-36824

Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several...

8.8CVSS6.5AI score0.77422EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/05/23 2:54 a.m.3 views

SUSE CVE-2023-32082

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names not value associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...

4.3CVSS8.1AI score0.00744EPSS
Exploits0References3
OSV
OSV
added 2023/05/12 8:19 p.m.44 views

GHSA-3P4G-RCW5-8298 etcd Key name can be accessed via LeaseTimeToLive API

Impact LeaseTimeToLive API allows access to key names not value associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth RBAC. Patches v3.4.26 and v3.5.9 are affected. Workarounds No. Reporter Yo...

3.1CVSS6AI score0.00744EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2023/05/12 8:19 p.m.40 views

etcd Key name can be accessed via LeaseTimeToLive API

Impact LeaseTimeToLive API allows access to key names not value associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth RBAC. Patches v3.4.26 and v3.5.9 are affected. Workarounds No. Reporter Yo...

4.3CVSS6.1AI score0.00744EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/05/11 8:15 p.m.1 views

DEBIAN-CVE-2023-32082

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names not value associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...

4.3CVSS6.5AI score0.00744EPSS
Exploits0References1
OSV
OSV
added 2023/05/11 8:15 p.m.3 views

UBUNTU-CVE-2023-32082

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names not value associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...

4.3CVSS7.1AI score0.00744EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/05/11 7:22 p.m.30 views

CVE-2023-32082 etcd key name can be accessed via LeaseTimeToLive API

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names not value associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...

3.1CVSS5.7AI score0.00744EPSS
Exploits0References4
Veracode
Veracode
added 2022/12/29 8:15 a.m.14 views

Command Injection

rdiffweb is vulnerable to command injection. The vulnerability exists in notification.py due to lack of character sanitisation in SSH key names which allows an attacker to inject a hyperlink that allows an attacker to redirect victim to malicious website...

5.4CVSS5.8AI score0.00485EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/23 12:0 a.m.4 views

PT-2022-28035 · Rdiffweb · Rdiffweb

Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.5.5 Description: The issue is related to a failure to sanitize special elements, which can lead to special element injection. Specifically, in rdiffweb, the lack of sanitization of characters in SSH key names coul...

6.6CVSS5.8AI score0.00485EPSS
Exploits1References10
OSV
OSV
added 2022/05/24 5:4 p.m.34 views

GHSA-H8WP-WGCQ-QHRF Improper Neutralization of Input During Web Page Generation in swagger-ui

swagger-ui has XSS in key names...

6.1CVSS6.1AI score0.04036EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 5:4 p.m.32 views

Improper Neutralization of Input During Web Page Generation in swagger-ui

swagger-ui has XSS in key names...

6.1CVSS2.6AI score0.04036EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2019/12/20 2:15 p.m.28 views

CVE-2016-1000229

swagger-ui has XSS in key names...

6.1CVSS6.6AI score0.04036EPSS
Exploits0References4
OSV
OSV
added 2019/12/20 2:15 p.m.26 views

CVE-2016-1000229

swagger-ui has XSS in key names...

6.1CVSS5.9AI score0.04036EPSS
Exploits0References4
Cvelist
Cvelist
added 2019/12/20 1:2 p.m.32 views

CVE-2016-1000229

swagger-ui has XSS in key names...

6.2AI score0.04036EPSS
Exploits0References4
Rows per page
Query Builder