Lucene search
K

8771 matches found

Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.5 views

PT-2026-52416

Name of the Vulnerable Software and Affected Versions YMC Filter versions prior to 3.11.5 Description Improper neutralization of special elements used in an SQL command allows for SQL Injection. This occurs when the application fails to properly sanitize user-supplied data before incorporating it...

9.3CVSS5.8AI score0.00229EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 6:32 p.m.6 views

EUVD-2026-38800

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer...

4.6CVSS5.9AI score0.00256EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 4:16 p.m.9 views

CVE-2026-50708

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component...

4.8CVSS0.00239EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 3:16 p.m.8 views

CVE-2026-11878

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText Access Manager allows Cross-Site Scripting XSS. This issue affects Access Manager: from 5.1 through 5.1.2...

8.2CVSS0.0013EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 2:17 p.m.19 views

CVE-2026-12537

Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI versions prior to 0.39.1 and run-gemini-cli GitHub Action versions prior to 0.1.22 on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously...

10CVSS0.00134EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 2:1 p.m.5 views

CVE-2026-11878

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText Access Manager allows Cross-Site Scripting XSS. This issue affects Access Manager: from 5.1 through 5.1.2...

8.2CVSS5.8AI score0.0013EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:4 a.m.6 views

CVE-2026-10745

Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1...

7.9CVSS5.9AI score0.00264EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 3:53 p.m.29 views

CVE-2026-12621 Cross-Site Scripting (XSS) Vulnerability in Password Reset Redirect in GridTime™ 3000 GNSS Time Server

Improper neutralization of input during web page generation XSS vulnerability in the GridTime 3000 password reset form allows XSS. This issue affects GridTime 3000: from 1.0r0.03 before 1.2r0.0...

5.3CVSS0.0023EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 3:53 p.m.15 views

CVE-2026-12621

GridTime 3000 GNSS Time Server Password Reset form is vulnerable to XSS due to improper neutralization of input during web page generation. Affected from 1.0r0.03 up to, but not including, 1.2r0.0. Base CVSS v4 score is 5.3 (Medium). No exploitation details are provided in the documents; no remed...

5.3CVSS5.8AI score0.0023EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Ansible

A flaw in log output neutralization was discovered in Ansible when using the uri module. This flaw exposes sensitive data to content and JSON output. It allows attackers to access logs or outputs of executed tasks, thereby enabling them to read keys used in playbooks from other users within the u...

5.5CVSS6.8AI score0.00568EPSS
Exploits1References2
NVD
NVD
added 2026/06/18 2:17 p.m.10 views

CVE-2026-56012

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35...

8.5CVSS0.00211EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/06/18 2:0 p.m.7 views

Dynamics 365 Customer Voice Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network...

9.3CVSS5.8AI score
Exploits0
CVE
CVE
added 2026/06/18 10:43 a.m.17 views

CVE-2026-56009

CVE-2026-56009 : Stored XSS in Bricksable for Bricks Builder plugin for WordPress, affected versions from n/a through 1.6.83. Root cause: Improper Neutralization of Input During Web Page Generation. CVSS 3.1 base score 5.9 (MEDIUM); attack vector NETWORK, complexity LOW, privileges required HIGH,...

5.9CVSS5.2AI score0.0014EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/18 10:43 a.m.8 views

EUVD-2026-37873

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricksable for Bricks Builder allows Stored XSS. This issue affects Bricksable for Bricks Builder: from n/a through 1.6.83...

5.9CVSS5.3AI score0.0014EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 3:17 p.m.9 views

CVE-2026-54812

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109...

9.3CVSS0.00291EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.9 views

CVE-2026-54809

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10...

9.3CVSS0.00241EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:19 p.m.5 views

CVE-2025-31013

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through 1.9.6...

7.1CVSS0.00146EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50549

Name of the Vulnerable Software and Affected Versions AWS Bedrock AgentCore Python SDK versions 1.1.3 through 1.6.0 Description Improper neutralization of argument delimiters in the install packages method of the Code Interpreter client allows a remote authenticated user to execute arbitrary...

8.4CVSS6.3AI score0.00302EPSS
Exploits0References9
CVE
CVE
added 2026/06/16 6:34 p.m.13 views

CVE-2026-12425

CVE-2026-12425 is a reflected/DOM-based XSS in PowerSchool Employee Access Center 23.10. The issue allows injection of JavaScript after the login URL that can be eval()’d in the user’s browser context, enabling an attacker to run code with the user’s privileges. The CVSS metrics indicate network ...

7.4CVSS5.5AI score0.00149EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/16 9:4 a.m.13 views

EUVD-2026-37057

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2...

9.3CVSS5.7AI score0.00229EPSS
Exploits1References1
Rows per page
Query Builder