Lucene search
K

45 matches found

NVD
NVD
added 2026/07/02 8:17 p.m.6 views

CVE-2026-59102

Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULTSHOWFULLNAME option is enabled,...

5.4CVSS0.00199EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/02 7:44 p.m.35 views

CVE-2026-59102 Forgejo < 15.0.3 - Stored XSS via Actions Run Full Name Rendering

Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULTSHOWFULLNAME option is enabled,...

5.4CVSS0.00199EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.14 views

PT-2026-53816

Name of the Vulnerable Software and Affected Versions Export User Data versions prior to 2.2.7 Description Insufficient file path validation in the unserialize function allows authenticated attackers with subscriber-level access or higher to delete arbitrary files on the server. This occurs when ...

8CVSS6.4AI score0.00341EPSS
Exploits0References9
EUVD
EUVD
added 2026/04/26 1:19 p.m.7 views

EUVD-2018-21809

Softdisk 3.0.3 contains a buffer overflow vulnerability in the registration code dialog that allows local attackers to crash the application by supplying an oversized string. Attackers can trigger the vulnerability by entering a 6000-byte payload in the Registration Name field through the Help...

6.9CVSS5.8AI score0.00137EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/14 3:30 p.m.6 views

EUVD-2026-22274

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...

7.1CVSS6.1AI score0.00204EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/14 1:56 p.m.29 views

CVE-2026-4345 Stored Cross-Site Scripting (XSS) Vulnerability in Design Name

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...

7.1CVSS0.00204EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/22 1:38 p.m.3 views

CVE-2019-25606 Fast AVI MPEG Joiner 1.2.0812 Buffer Overflow Denial of Service

Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the License Name inpu...

6.8CVSS6.1AI score0.00132EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/18 12:58 p.m.10 views

Craft CMS Vulnerable to Stored XSS in Revision Context Menu

The revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user e.g., Author can set their fullName to an XSS payload via the profile editor, then crea...

5.4CVSS5.8AI score0.00243EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/03/09 7:51 p.m.4 views

SQL Injection

Overview Glances is an A cross-platform curses-based monitoring tool Affected versions of this package are vulnerable to SQL Injection via the normalize function in the TimescaleDB export module, which constructs SQL queries using unsanitized system monitoring data such as process names, filesyst...

9.8CVSS6.7AI score0.00364EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/05 6:51 p.m.0 views

CVE-2026-26276 Gogs: DOM-based XSS via milestone selection

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

7.3CVSS5.7AI score0.00184EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.19 views

PT-2026-23488

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.2 Description Gogs, a self-hosted Git service, is affected by a DOM-Based Cross-Site Scripting XSS issue. An attacker can inject an HTML/JavaScript payload into a repository’s Milestone name. When another user selec...

9.9CVSS5.8AI score0.22162EPSS
Exploits70References137
OSV
OSV
added 2026/02/11 9:16 p.m.5 views

CVE-2020-37205

RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' registration field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash...

7.5CVSS6AI score0.00383EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/06 11:14 p.m.37 views

CVE-2020-37164 AbsoluteTelnet 11.12 - "license entry" Denial of Service

AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license entry field to trigger an application crash...

6.7CVSS0.00222EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/25 12:24 p.m.5 views

CVE-2020-36931 Click2Magic 1.1.5 - Stored Cross-Site Scripting

Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests...

6.4CVSS5.8AI score0.00251EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/22 4:58 p.m.20 views

CVE-2026-0533 Stored XSS in Fusion desktop when attempting to delete a file

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local...

8.1CVSS0.0059EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/22 4:58 p.m.3 views

CVE-2026-0533 Stored XSS in Fusion desktop when attempting to delete a file

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local...

8.1CVSS6AI score0.0059EPSS
Exploits0References3
CVE
CVE
added 2026/01/22 4:58 p.m.25 views

CVE-2026-0533

Technical details (affected product/version, root cause, exploit specifics, impact, or fixes) are not publicly available in the provided documents. Monitor for updates from Autodesk and security advisories to obtain concrete details and remediation guidance.

8.1CVSS5.9AI score0.0059EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2025/12/19 7:33 a.m.15 views

CVE-2025-66521

Summary: CVE-2025-66521 is a stored XSS in Foxit’s pdfonline.foxit.com, specifically in the Trusted Certificates feature. What’s affected: The certificate name field accepts crafted input that is later rendered into the DOM without proper sanitization. Root cause: Insufficient sanitization of the...

6.3CVSS5.3AI score0.001EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.10 views

PT-2025-52430

A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A crafted payload can be stored as the template name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time the affected...

6.3CVSS5.5AI score0.00147EPSS
Exploits0References2
OSV
OSV
added 2025/10/13 9:15 p.m.6 views

CVE-2025-62246

Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions allow remote authenticated users t...

5.4CVSS5.6AI score0.00205EPSS
Exploits0References1
Rows per page
Query Builder