Lucene search
K

8766 matches found

NVD
NVD
added 2026/06/11 12:16 p.m.13 views

CVE-2026-9694

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions, could have allowed an unauthenticated user to impersonate the GitLab Support Bot and inject arbitrary content via a specially...

4.3CVSS0.00211EPSS
Exploits0References3
CVE
CVE
added 2026/06/11 10:19 a.m.55 views

CVE-2026-9694

GitLab CE/EE (all supported lines affected) had a vulnerability allowing an unauthenticated user to impersonate the GitLab Support Bot and inject arbitrary content via a specially crafted Service Desk email reply. Root cause: improper neutralization in email template processing. Remediation: patc...

4.3CVSS5.6AI score0.00211EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.13 views

PT-2026-48657

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.9 through 18.10.7 GitLab CE/EE versions 18.11 through 18.11.4 GitLab CE/EE versions 19.0 through 19.0.1 Description An issue in email template processing allows an unauthenticated user to impersonate the GitLab Support...

4.3CVSS5.3AI score0.00211EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48658

Improper neutralization of special elements used in an expression language statement 'expression language injection' vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection. This issue affects Apinizer: from 2026.04.0 before 2026.04.6...

5.3CVSS5.5AI score0.00417EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.8 views

CVE-2026-45501

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...

6.5CVSS5.4AI score0.00308EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:1 p.m.9 views

CVE-2026-45481

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

7.3CVSS7AI score0.00687EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:0 p.m.8 views

CVE-2026-42835

Improper neutralization of special elements in output used by a downstream component 'injection' in Microsoft Teams for Android allows an authorized attacker to disclose information over a network...

8.1CVSS5.4AI score0.01259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.14 views

CVE-2026-25089

A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may...

9.8CVSS6AI score0.23393EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 2:16 p.m.16 views

CVE-2026-49069

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM Portfolio allows Reflected XSS. This issue affects WPZOOM Portfolio: from n/a through 1.4.21...

7.1CVSS0.00142EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:30 p.m.11 views

EUVD-2026-35511

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

4.6CVSS7.1AI score0.00505EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:17 p.m.13 views

CVE-2026-47638

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

5.4CVSS0.00505EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.8 views

CVE-2026-45479

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

5.4CVSS0.00505EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.8 views

CVE-2026-45468

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

5.4CVSS0.00505EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.10 views

CVE-2026-45465

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

5.4CVSS0.0051EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.14 views

CVE-2026-42835

Improper neutralization of special elements in output used by a downstream component 'injection' in Microsoft Teams for Android allows an authorized attacker to disclose information over a network...

8.1CVSS0.01259EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.11 views

CVE-2026-41098

Improper neutralization of input during web page generation 'cross-site scripting' in Azure Stack Edge allows an authorized attacker to perform spoofing over a network...

8.4CVSS0.00814EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 5:5 p.m.19 views

CVE-2026-45465

CVE-2026-45465 : The vulnerability affects Microsoft Office SharePoint Server and is due to improper neutralization of input during web page generation, resulting in a cross-site scripting (XSS) issue. An authorized attacker can perform network-based spoofing. According to the provided descriptio...

5.4CVSS5.4AI score0.0051EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/09 5:5 p.m.20 views

CVE-2026-45462

The CVE-2026-45462 entry describes an XSS vulnerability in Microsoft Office SharePoint where improper neutralization of input during web page generation can enable spoofing over a network. According to the connected records, impact is limited to spoofing with Confidentiality/Integrity/Availabilit...

5.4CVSS5.4AI score0.00505EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/09 5:5 p.m.30 views

CVE-2026-47639

CVE-2026-47639 affects Microsoft Office SharePoint Server. The description identifies an Improper neutralization of input during web page generation (XSS) that enables an authorized attacker to perform spoofing over a network. Connected sources corroborate an XSS payload risk in SharePoint, leadi...

5.4CVSS5.4AI score0.0051EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/09 5:4 p.m.39 views

CVE-2026-45500

CVE-2026-45500: A cross-site scripting issue in Microsoft Exchange Server arises from improper neutralization of input during web page generation. This vulnerability could enable an unauthorized attacker to perform spoofing over the network. Documents identify Microsoft Exchange Server as affecte...

6.1CVSS5.4AI score0.00375EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder