Lucene search
K

20 matches found

RedHat Linux
RedHat Linux
added 2026/07/01 9:21 p.m.10 views

dnsmasq: dnsmasq: heap buffer overflow in cache via NAME_ESCAPE expansion

A heap buffer overflow was discovered in dnsmasq's DNS cache. When processing DNS responses, dnsmasq expands certain characters into longer escape sequences, but the cache buffer is not sized to hold the expanded result. A specially crafted DNS response can overflow this buffer, potentially...

7.3CVSS6AI score0.00754EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.6 views

CVE-2026-57282

Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent...

5CVSS6.2AI score0.00207EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 4:15 p.m.18 views

dnsmasq: dnsmasq: heap buffer overflow in cache via NAME_ESCAPE expansion

A heap buffer overflow was discovered in dnsmasq's DNS cache. When processing DNS responses, dnsmasq expands certain characters into longer escape sequences, but the cache buffer is not sized to hold the expanded result. A specially crafted DNS response can overflow this buffer, potentially...

7.3CVSS6AI score0.00754EPSS
Exploits1References4
NVD
NVD
added 2026/05/14 7:16 p.m.21 views

CVE-2026-44670

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the kernel stores Attribute View AV / database names without any HTML escape, then a render template uses raw strings.ReplaceAlltpl, "$avName", nodeAvName to embed the name in HTML before pushing to all clients via...

9.4CVSS0.00509EPSS
Exploits0References1
NVD
NVD
added 2026/02/06 4:16 p.m.8 views

CVE-2025-13523

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

7.7CVSS0.00189EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/06 3:52 p.m.27 views

CVE-2025-13523 Cross-Site Scripting (XSS) via Unescaped Display Names in Mattermost Confluence Plugin OAuth2 Flow

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

7.7CVSS0.00189EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/06 3:52 p.m.7 views

EUVD-2025-206888

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

7.7CVSS5.7AI score0.00189EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2007-6576

Malware in sbrugna...

10CVSS6.1AI score0.02282EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-5000

Malware in sbrugna...

9.8CVSS9.4AI score0.0123EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-54812

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HT...

5.4CVSS6.2AI score0.01084EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/25 6:54 a.m.11 views

CVE-2025-54301 Extension - norrnext.com - Stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla

A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. File names are not properly escaped...

8.5CVSS0.00293EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:41 a.m.11 views

CVE-2023-0439

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a settings allowing them to give lower roles access to such featur...

5.4CVSS5.3AI score0.00367EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/05/16 12:0 a.m.3 views

PT-2023-24110 · Jenkins · Jenkins Pipeline: Job Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Job Plugin versions 1292.v27d8cc3e2602 and earlier Description: The Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site...

7.5CVSS5.4AI score0.00586EPSS
Exploits0References7
OSV
OSV
added 2022/06/23 5:15 p.m.4 views

CVE-2022-34194

Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS6.3AI score0.00606EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/04/12 8:15 p.m.5 views

CVE-2022-29041

Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS6AI score0.00825EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/04/12 12:0 a.m.5 views

Jenkins Git Parameter Plugin跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exis...

5.4CVSS5.3AI score0.00802EPSS
Exploits0References4
OSV
OSV
added 2021/12/13 11:15 a.m.4 views

CVE-2021-24782

The Flex Local Fonts WordPress plugin through 1.0.0 does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00598EPSS
Exploits2References1
OSV
OSV
added 2021/11/08 6:15 p.m.3 views

CVE-2021-24708

The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00598EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2019/10/31 4:15 p.m.2 views

CVE-2009-5043

burn allows file names to escape via mishandled quotation marks...

9.8CVSS5.5AI score0.0123EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2011/03/01 10:48 p.m.6 views

Mailman: Three XSS flaws due improper escaping of the full name of the member

Multiple cross-site scripting XSS vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 full name or 2 username field in a confirmation message...

4.3CVSS7.3AI score0.04248EPSS
Exploits0References4
Rows per page
Query Builder