Lucene search
K

8 matches found

NVD
NVD
added 2026/06/26 2:16 a.m.11 views

CVE-2026-50745

A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input t...

6.1CVSS0.00224EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.16 views

PT-2026-48555

Simple Link Directory through 9.0.4 interpolates the sld no results found option into a JavaScript string literal without encoding. Because sanitize text field leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor...

5.4CVSS5.4AI score0.00141EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/05 12:0 a.m.11 views

CVE-2026-38579

Multiple reflected Cross-Site Scripting XSS vulnerabilities in damasac thaipalliativelte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter line 24, the id parameter lines 25, 75, and the ptidkey parameter lines 26, 42 in...

5.6AI score0.00199EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/05/14 12:0 a.m.9 views

PT-2024-26126 · Oceanic · Oceanic

Name of the Vulnerable Software and Affected Versions: Oceanic versions prior to 1.10.4 Description: The issue arises from the lack of url-encoding for input to certain functions, such as Client.rest.channels.removeBan. This allows specially crafted input, like ../../../channels/id, to be...

6.5CVSS6.8AI score0.00551EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.5 views

SUSE CVE-2007-5386

Cross-site scripting XSS vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string...

4.3CVSS6AI score0.03326EPSS
Exploits0References3
curl security advisories
curl security advisories
added 2020/06/24 8:0 a.m.12 views

Partial password leak over DNS on HTTP redirect

libcurl can be tricked to prepend a part of the password to the hostname before it resolves it, potentially leaking the partial password over the network and to the DNS servers. libcurl can be given a username and password for HTTP authentication when requesting an HTTP resource - used for HTTP...

7.5CVSS7.2AI score0.03427EPSS
Exploits1References1Affected Software2
RedHat Linux
RedHat Linux
added 2019/08/06 1:26 p.m.7 views

python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...

6.1CVSS6.8AI score0.02056EPSS
Exploits1References4
Exploit DB
Exploit DB
added 2018/05/06 12:0 a.m.35 views

Linux/x86 - execve(/bin/sh) + NOT Encoded Shellcode (27 bytes)

Linux/x86 - execve/bin/sh + NOT Encoded Shellcode 27 bytes. Shellcode exploit for Linuxx86 platform / ; Title : Execve /bin/sh Shellcode encoded with NOT ; Date : May, 2018 ; Author : Nuno Freitas ; Twitter : @nunof11 ; SLAE ID : SLAE-1112 ; Size : 27 bytes ; Tested on : i686 GNU/Linux section...

7.4AI score
Exploits0
Rows per page
Query Builder