
61695 matches found

Snyk
added 2026/03/05 9:13 p.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the improper sanitization of HTML anchor tags in the comment and issue description functionality. An attacker can execute arbitrary JavaScript in the context of another user by injecting malicious links...

CVSS 8.7, AI score 5.8, EPSS 0.00306
Exploits 1, References 2
CVE
added 2026/03/05 9:6 p.m., 29 views

CVE-2026-28492

File Browser CVE-2026-28492 affects the File Browser file-management interface. Before v2.61.0, the withHashFile middleware uses filepath.Dir(link.Path) to determine BasePathFs, causing the filesystem root to be set to the parent directory of a public share rather than the share itself. This allo...

CVSS 7.1, AI score 5.8, EPSS 0.00322
Exploits 1, References 3, Affected Software 1
ATTACKERKB
added 2026/03/05 9:6 p.m., 5 views

CVE-2026-28492

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.0, when a user creates a public share link for a directory, the withHashFile middleware in http/public.go uses...

CVSS 7.1, AI score 5.8, EPSS 0.00322
Exploits 1, References 4, Affected Software 1
OSV
added 2026/03/05 8:16 p.m., 2 views

DEBIAN-CVE-2026-28350

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the tag passes through the default Cleaner configuration. While pagestructure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inje...

CVSS 6.1, AI score 8.3, EPSS 0.00254
Exploits 1, References 1
NVD
added 2026/03/05 8:16 p.m., 4 views

CVE-2025-29165

An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/shadow.sample component...

CVSS 9.8, EPSS 0.00633
Exploits 0, References 4
UbuntuCve
added 2026/03/05 8:16 p.m., 4 views

CVE-2026-28350

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the tag passes through the default Cleaner configuration. While pagestructure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inje...

CVSS 6.1, AI score 7.2, EPSS 0.00254
Exploits 1, References 3
Circl
added 2026/03/05 8:0 p.m., 3 views

CVE-2026-26194

creationtimestamp | type | source
---|---|---
2026-03-05 20:00:34+00:00 | seen | https://bsky.app/profile/flarestart.bsky.social/post/3mgdlluyxax24
2026-05-29 16:00:06+00:00 | seen | https://t.me/truesecator/8260...

CVSS 8.8, AI score 7.2, EPSS 0.00433
Exploits 1, References 2
Debian CVE
added 2026/03/05 7:49 p.m., 7 views

CVE-2026-28350

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the tag passes through the default Cleaner configuration. While pagestructure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inje...

CVSS 6.1, AI score 8.3, EPSS 0.00254
Exploits 1
Circl
added 2026/03/05 7:33 p.m., 8 views

CVE-2026-28115

creationtimestamp | type | source
---|---|---
2026-03-05 19:33:30+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mgdk3hvnwq2t...

CVSS 9.3, AI score 5.9, EPSS 0.00241
Exploits 0, References 1
Circl
added 2026/03/05 7:33 p.m., 6 views

CVE-2026-24457

creationtimestamp | type | source
---|---|---
2026-03-05 19:33:24+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mgdk3bgqqg2c...

CVSS 9.8, AI score 5.9, EPSS 0.00616
Exploits 0, References 1
RedhatCVE
added 2026/03/05 7:31 p.m., 5 views

CVE-2026-20102

A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the SAML feature and access sensitive,...

CVSS 6.1, AI score 5.8, EPSS 0.00264
Exploits 0, References 1
RedhatCVE
added 2026/03/05 7:31 p.m., 6 views

CVE-2026-20149

A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability, and no customer action is needed. This vulnerability was due to improper filtering of user-supplied input. Prior to this...

CVSS 6.1, AI score 5.8, EPSS 0.00235
Exploits 0, References 1
OSV
added 2026/03/05 7:26 p.m., 3 views

GHSA-XRCR-GMF5-2R8J Gogs: Stored XSS via data URI in issue comments

Summary: A Stored Cross-site Scripting (XSS) vulnerability exists in the comment and issue description functionality. The application's HTML sanitizer explicitly allows data: URI schemes, enabling authenticated users to inject arbitrary JavaScript execution via malicious links. Details: The...

CVSS 8.7, AI score 6.3, EPSS 0.00306
Exploits 1, References 6
OSV
added 2026/03/05 7:16 p.m., 6 views

CVE-2025-70232

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter...

CVSS 9.8, AI score 6, EPSS 0.00633
Exploits 1, References 3
OSV
added 2026/03/05 7:16 p.m., 6 views

CVE-2025-70233

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard...

CVSS 9.8, AI score 6, EPSS 0.00633
Exploits 1, References 3
NVD
added 2026/03/05 7:16 p.m., 6 views

CVE-2025-70233

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard...

CVSS 9.8, EPSS 0.00633
Exploits 1, References 3
NVD
added 2026/03/05 7:16 p.m., 11 views

CVE-2025-70232

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter...

CVSS 9.8, EPSS 0.00633
Exploits 1, References 3
OSV
added 2026/03/05 7:16 p.m., 4 views

CVE-2025-70231

D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter the value of the FILECODE parameter, resulting in a path traversal vulnerability...

CVSS 9.8, AI score 5.8, EPSS 0.00664
Exploits 1, References 3
NVD
added 2026/03/05 7:16 p.m., 6 views

CVE-2025-70230

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS...

CVSS 9.8, EPSS 0.00784
Exploits 1, References 3
NVD
added 2026/03/05 7:16 p.m., 11 views

CVE-2025-70229

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule...

CVSS 9.8, EPSS 0.00633
Exploits 1, References 3