Lucene search
K

5 matches found

Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.4 views

PT-2026-31962

OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/07 7:22 p.m.19 views

CVE-2026-39367 WWBN AVideo has Stored XSS via Malicious EPG XML Program Titles in AVideo EPG Page

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG Electronic Program Guide feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epglin...

5.4CVSS0.00195EPSS
Exploits0References2
NVD
NVD
added 2025/11/18 11:15 p.m.6 views

CVE-2025-65012

Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the...

5.4CVSS0.00156EPSS
Exploits0References2
OSV
OSV
added 2025/11/18 6:1 p.m.7 views

GHSA-84HF-8GH5-575J Kirby CMS has cross-site scripting (XSS) in the changes dialog

TL;DR This vulnerability affects all Kirby 5 sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update page titles or usernames. The attack requires user interaction by another Panel user and cannot be automated. ---- Introductio...

5.1CVSS6.6AI score0.00156EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.4 views

PT-2025-47416

Name of the Vulnerable Software and Affected Versions Kirby versions 5.0.0 through 5.1.3 Description Kirby is a content management system. Attackers could modify the title of any page or the name of any user to a malicious string. Subsequently, they could alter any content field of the same model...

5.1CVSS6.1AI score0.00156EPSS
Exploits0References6
Rows per page
Query Builder