Lucene search
+L

956 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 1:32 p.m.5 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a StackOverflowError CVE-2025-48924

Summary Apache Commons is used by the IBM Datapower Operations Dashboard in their Java components utility operations Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

5.3CVSS5.8AI score0.02164EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/02 1:43 p.m.8 views

CVE-2026-3386

A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function emitOp of the file src/vm/wrencompiler.c. This manipulation causes out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been published and may be used. The...

7.1CVSS5.5AI score0.0017EPSS
Exploits1References1
CVE
CVE
added 2026/03/01 8:32 a.m.25 views

CVE-2026-3386

The CVE-2026-3386 affects wren-lang Wren up to version 0.4.0. Affects the function emitOp in src/vm/wren_compiler.c, enabling an out-of-bounds read. Exploitation is possible on the local host; an exploit has been published. The project was informed of the issue early via an issue report but has n...

7.1CVSS5.5AI score0.0017EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2026/03/01 8:32 a.m.29 views

CVE-2026-3385 wren-lang wren wren_compiler.c resolveLocal recursion

A vulnerability was detected in wren-lang wren up to 0.4.0. Affected is the function resolveLocal of the file src/vm/wrencompiler.c. The manipulation results in uncontrolled recursion. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the...

4.8CVSS0.00167EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/02/28 2:0 p.m.6 views

CVE-2026-1434

Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser. This issue was fixed in 4.6.7...

6.1CVSS6.1AI score0.00158EPSS
Exploits2References1
EUVD
EUVD
added 2026/02/27 12:31 p.m.7 views

EUVD-2026-9021

Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser. This issue was fixed in 4.6.7...

6.1CVSS6.1AI score0.00158EPSS
Exploits2References3
NVD
NVD
added 2026/02/27 11:16 a.m.12 views

CVE-2026-1434

Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser. This issue was fixed in 4.6.7...

6.1CVSS0.00158EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/02/27 10:32 a.m.26 views

CVE-2026-1434 Reflected XSS in Omega-PSIR

Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser. This issue was fixed in 4.6.7...

5.1CVSS0.00158EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/02/27 10:32 a.m.5 views

CVE-2026-1434 Reflected XSS in Omega-PSIR

Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser. This issue was fixed in 4.6.7...

5.1CVSS6.1AI score0.00158EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/02/27 10:32 a.m.4 views

CVE-2026-1434

Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser. This issue was fixed in 4.6.7...

6.1CVSS6.1AI score0.00158EPSS
Exploits2References3Affected Software1
EUVD
EUVD
added 2026/02/27 3:30 a.m.10 views

EUVD-2026-8992

A vulnerability was determined in berry-lang berry up to 1.1.0. The affected element is the function scanstring of the file src/belexer.c. This manipulation causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Patch name:...

4.8CVSS4.3AI score0.00223EPSS
Exploits1References9
Cvelist
Cvelist
added 2026/02/27 3:2 a.m.26 views

CVE-2026-3285 berry-lang berry be_lexer.c scan_string out-of-bounds

A vulnerability was determined in berry-lang berry up to 1.1.0. The affected element is the function scanstring of the file src/belexer.c. This manipulation causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Patch name:...

4.8CVSS0.00223EPSS
Exploits1References8
CVE
CVE
added 2026/02/27 3:2 a.m.22 views

CVE-2026-3285

Berry-lang (up to 1.1.0) contains an out-of-bounds read in the scan_string function of src/be_lexer.c. The flaw requires local access and has publicly disclosed exploits. A patch (commit 7149c59a39ba44feca261b12f06089f265fec176) is provided as the recommended fix; apply it to remediate. Vendors (...

7.8CVSS4.5AI score0.00223EPSS
Exploits1References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.9 views

PT-2026-22330

Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser. This issue was fixed in 4.6.7...

5.1CVSS6.1AI score0.00158EPSS
Exploits2References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.12 views

Omega-PSIR 跨站脚本漏洞

Omega-PSIR is a comprehensive scientific information management system operated by Politechnika Warszawska. Omega-PSIR has a cross-site scripting vulnerability, which stems from the reflective cross-site scripting present in the lang parameter. This vulnerability could allow attackers to execute...

6.1CVSS5.9AI score0.00158EPSS
Exploits2References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 12:4 p.m.13 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang:...

7.5CVSS6.5AI score0.03136EPSS
Exploits3Affected Software1
NVD
NVD
added 2026/02/14 7:16 a.m.7 views

CVE-2026-1910

The UpMenu – Online ordering for restaurants plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lang' attribute of the 'upmenu-menu' shortcode in all versions up to, and including, 3.1. This is due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS0.00237EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/14 6:42 a.m.4 views

CVE-2026-1910 UpMenu <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'upmenu-menu' Shortcode 'lang' Attribute

The UpMenu – Online ordering for restaurants plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lang' attribute of the 'upmenu-menu' shortcode in all versions up to, and including, 3.1. This is due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.7AI score0.00237EPSS
Exploits0References3
CVE
CVE
added 2026/02/14 6:42 a.m.15 views

CVE-2026-1910

CVE-2026-1910 refers to a stored cross-site scripting flaw in UpMenu – Online ordering for restaurants (WordPress) versions ≤ 3.1. The vulnerability arises from insufficient sanitization and output escaping of user-supplied attributes in the upmenu-menu shortcode lang attribute, enabling authenti...

6.4CVSS5.8AI score0.00237EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/14 6:42 a.m.27 views

CVE-2026-1910 UpMenu <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'upmenu-menu' Shortcode 'lang' Attribute

The UpMenu – Online ordering for restaurants plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lang' attribute of the 'upmenu-menu' shortcode in all versions up to, and including, 3.1. This is due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS0.00237EPSS
Exploits0References3
Rows per page
Query Builder