21 matches found

EUVD
added 2026/05/12 3:31 a.m. · 8 views

EUVD-2026-29368

SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...

CVSS 4.7 · AI score 5.8 · EPSS 0.00249
Exploits 0 · References 3
NVD
added 2026/02/11 12:16 p.m. · 7 views

CVE-2025-14560

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious conten...

CVSS 7.3 · EPSS 0.00217
Exploits 0 · References 3
Veracode
added 2025/10/23 8:19 a.m. · 8 views

Improper Input Validation

@anthropic-ai/claude-code is vulnerable to Improper Input Validation. The vulnerability is due to an error in command parsing that allows an attacker to bypass the confirmation prompt and trigger execution of untrusted commands by injecting malicious content into a Claude Code context window...

CVSS 9.8 · AI score 7.5 · EPSS 0.00512
Exploits 0 · References 2 · Affected Software 1
OSV
added 2025/09/26 9:04 a.m. · 4 views

CVE-2025-9642 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could allow an attacker to inject malicious content that may lead to account takeover...

CVSS 8.7 · AI score 6.5 · EPSS 0.00507
Exploits 0 · References 5
CNNVD
added 2025/09/23 12:00 a.m. · 3 views

WSO2 Identity Server security vulnerability

WSO2 Identity Server (IS) is an identity server from WSO2, Inc. A security vulnerability exists in WSO2 Identity Server IS that stems from improper handling of error messages and could lead to malicious content injection and social engineering attacks...

CVSS 4.3 · AI score 6.7 · EPSS 0.002
Exploits 0 · References 1
OSV
added 2025/08/13 6:15 p.m. · 2 views

UBUNTU-CVE-2025-7734

An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content...

CVSS 8.7 · AI score 5.9 · EPSS 0.00289
Exploits 0 · References 4
CNNVD
added 2025/08/13 12:00 a.m. · 2 views

GitLab cross-site scripting vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A cross-site scripting vulnerability exists in GitLab CE/EE versions prior to...

CVSS 8.7 · AI score 6.6 · EPSS 0.00289
Exploits 0 · References 3
Tenable Nessus
added 2025/05/21 12:00 a.m. · 8 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Tomcat vulnerability (USN-7525-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7525-1 advisory. It was discovered that Apache Tomcat incorrectly implemented partial PUT functionality by replacing path separators with dots ...

CVSS 10 · AI score 8.6 · EPSS 0.99945
Exploits 46 · References 2
CNNVD
added 2024/12/02 12:00 a.m. · 6 views

Rails HTML Sanitizers cross-site scripting vulnerability

Rails HTML Sanitizers is an HTML cleanup tool from the US Rails team for use in Rails applications. A cross-site scripting vulnerability exists in Rails HTML Sanitizers version 1.6.0 that, under certain configurations, could easily lead to...

CVSS 6.1 · AI score 5.5 · EPSS 0.00435
Exploits 0 · References 3
RedhatCVE
added 2024/09/20 5:41 a.m. · 15 views

CVE-2024-45808

A flaw was found in envoy. Affected versions of envoy may allow malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the REQUESTED_SERVER_NAME field for access loggers. Mitigation: Mitigation for this issue is either not availab...

CVSS 6.5 · AI score 6.6 · EPSS 0.00353
Exploits 0 · References 4
Hacker One
added 2024/06/07 1:04 p.m. · 7 views

Mattermost: Posts sent via websockets aren't sanitized properly

The posts sent via websockets in the Mattermost application were not properly sanitized, allowing attackers to inject malicious content. The vulnerability enabled the creation of customized permalink embeds and YouTube embeds with arbitrary content, which could lead to denial-of-service issues an...

CVSS 6.5 · AI score 6.7 · EPSS 0.00577
Exploits 0
OSV
added 2024/05/03 5:53 p.m. · 31 views

GHSA-PWGC-W4X9-GW67 changedetection.io Cross-site Scripting vulnerability

Summary: Input in parameter notificationurls is not processed, resulting in javascript execution in the application. Details: changedetection.io version: v0.45.21; https://github.com/dgtlmoon/changedetection.io/blob/0.45.21/changedetectionio/forms.py#L226: for serverurl in field.data: if not...

CVSS 4.3 · AI score 4.3 · EPSS 0.01281
Exploits 0 · References 5
Vulnrichment
added 2024/02/14 8:24 a.m. · 19 views

CVE-2023-44294

In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance between v5.10.00.00 and v5.18.00.00, a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially...

CVSS 5.4 · AI score 6.5 · EPSS 0.00444
Exploits 0 · References 1
Vulnrichment
added 2024/02/14 8:05 a.m. · 28 views

CVE-2023-44293

In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance between v5.10.00.00 and v5.18.00.00, a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially le...

CVSS 5.4 · AI score 6.8 · EPSS 0.00444
Exploits 0 · References 1
Snyk
added 2023/01/03 1:36 p.m. · 1 view

External Control of Assumed-Immutable Web Parameter

Overview: Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter due to improper escaping of the " character in the generatemultipart function, which allows injecting malicious content into the filename parameter via the Content-Disposition header. PoC...

CVSS 6.5 · AI score 7 · EPSS 0.0129
Exploits 1 · References 2
Talos
added 2022/12/21 12:00 a.m. · 44 views

Ghost unauthorized newsletter modification vulnerability

Talos Vulnerability Report TALOS-2022-1624 · Ghost unauthorized newsletter modification vulnerability · December 21, 2022 · CVE Number: CVE-2022-41654 · SUMMARY: An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted...

CVSS 9.6 · AI score 5 · EPSS 0.18914
Exploits 1
Positive Technologies
added 2022/11/18 12:00 a.m. · 5 views

PT-2022-6734 · Ruby +10 · Cgi +10

Name of the Vulnerable Software and Affected Versions: cgi gem versions 0.1.0.0 through 0.1.0.1; cgi gem versions 0.2.0 through 0.2.1; cgi gem versions 0.3.0 through 0.3.4. Description: The issue is related to HTTP response splitting, which occurs when untrusted user input is inserted into an HTTP...

CVSS 9.8 · AI score 6.6 · EPSS 0.04127
Exploits 4 · References 183
OSV
added 2020/09/11 5:15 p.m. · 4 views

CVE-2020-1198

A cross-site scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

CVSS 7.4 · AI score 5.6 · EPSS 0.02665
Exploits 1 · References 1
Prion
added 2020/09/11 5:15 p.m. · 16 views

Cross site scripting

A cross-site scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

CVSS 3.5 · AI score 5.6 · EPSS 0.0164
Exploits 0 · References 1 · Affected Software 1
CNVD
added 2019/11/27 12:00 a.m. · 1 view

Ruby has an unspecified vulnerability (CNVD-2020-12798)

Ruby is a simple and fast object-oriented programming scripting language. An unspecified vulnerability exists in Ruby. An attacker could exploit the vulnerability by inserting line breaks to split headers and inject malicious content to spoof the client...

CVSS 5.3 · AI score 5.6 · EPSS 0.04569
Exploits 0 · References 1