Lucene search
+L

134 matches found

NVD
NVD
added 2026/07/02 12:17 p.m.7 views

CVE-2026-57755

Contributor Cross Site Scripting XSS in Mosaic Gallery Advanced Gallery = 1.2.0 versions...

6.5CVSS0.00139EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.34 views

CVE-2026-57755 WordPress Mosaic Gallery &#8211; Advanced Gallery plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in Mosaic Gallery Advanced Gallery = 1.2.0 versions...

6.5CVSS0.00139EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.16 views

CVE-2026-57755

CVE-2026-57755 describes a Contributor Cross Site Scripting (XSS) vulnerability in the WordPress plugin Mosaic Gallery – Advanced Gallery, affected versions

6.5CVSS5.8AI score0.00139EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/02 8:53 a.m.5 views

WordPress Mosaic Gallery &#8211; Advanced Gallery plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Mosaic Gallery Advanced Gallery versions = 1.2.0...

6.5CVSS5.8AI score0.00139EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-55043

Name of the Vulnerable Software and Affected Versions Mosaic Gallery – Advanced Gallery versions prior to 1.2.1 Description A Cross Site Scripting XSS issue exists that allows users with Contributor privileges to execute malicious scripts. XSS is a type of security flaw where an attacker injects...

6.5CVSS6AI score0.00139EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/05/05 12:0 a.m.13 views

MOSAIC-Bench: Measuring Compositional Vulnerability Induction in Coding Agents

Coding agents often pass per-prompt safety review yet ship exploitable code when their tasks are decomposed into routine engineering tickets. The challenge is structural: existing safety alignment evaluates overt requests in isolation, leaving models blind to malicious end-states that emerge from...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.5 views

CVE-2026-2417

A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges...

9.3CVSS6.1AI score0.00573EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/24 9:31 p.m.11 views

EUVD-2026-14960

A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges...

9.3CVSS6.1AI score0.00573EPSS
Exploits0References2
NVD
NVD
added 2026/03/24 7:16 p.m.5 views

CVE-2026-2417

A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges...

9.3CVSS0.00573EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/24 6:6 p.m.4 views

CVE-2026-2417

A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges...

9.3CVSS6.1AI score0.00573EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/24 6:6 p.m.10 views

CVE-2026-2417

The CVE-2026-2417 entry concerns Pharos Controls Mosaic Show Controller firmware 2.15.3, describing a Missing Authentication for Critical Function that could let an unauthenticated attacker bypass authentication and run arbitrary commands with root privileges. The vulnerability is rated CRITICAL ...

9.3CVSS6.1AI score0.00573EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/24 6:6 p.m.22 views

CVE-2026-2417 Missing Authentication for Critical Function in Pharos Controls Mosaic Show Controller

A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges...

9.3CVSS0.00573EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/24 6:6 p.m.5 views

CVE-2026-2417 Missing Authentication for Critical Function in Pharos Controls Mosaic Show Controller

A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges...

9.3CVSS6.1AI score0.00573EPSS
Exploits0References1
ICS
ICS
added 2026/03/24 6:0 a.m.8 views

Pharos Controls Mosaic Show Controller

RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary commands with root privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize...

9.3CVSS6AI score0.00573EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.7 views

PT-2026-27478

Name of the Vulnerable Software and Affected Versions Pharos Controls Mosaic Show Controller version 2.15.3 Description A missing authentication check for a critical function allows an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges. This...

9.3CVSS6.1AI score0.00573EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.13 views

Pharos Controls Mosaic Show Controller 访问控制错误漏洞

Pharos Controls Mosaic Show Controller is an embedded control device developed by the British company Pharos, used for lighting control and multimedia scene orchestration. Version 2.15.3 of Pharos Controls Mosaic Show Controller contains a security vulnerability due to the lack of authentication...

9.3CVSS6.1AI score0.00573EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:46 a.m.8 views

CVE-2022-31521

The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS7AI score0.01242EPSS
Exploits1References1
Snyk
Snyk
added 2025/11/27 3:49 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the officia...

9.8CVSS6.8AI score
Exploits0References3
EUVD
EUVD
added 2025/11/25 12:13 a.m.4 views

EUVD-2025-199518

Malicious code in @axinom/mosaic-cli npm...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:13 a.m.6 views

Malicious code in @axinom/mosaic-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7168f2a1e0e25128412330dd5022d955509346523f45c453d18e9205eb38b678 The package @axinom/mosaic-cli was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References1
Rows per page
Query Builder