CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20 matches found

NVD•added 2025/12/09 4:17 p.m.•3 views

CVE-2025-42873

SAPUI5 and OpenUI5 packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting in an infinite loop. This Denial of Service via infinite loop causes high CPU usage and system...

5.9CVSS0.00055EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-0483

Malware in sbrugna...

7.8CVSS7.6AI score0.00301EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2019-1054

Malware in sbrugna...

6.1CVSS6.3AI score0.00287EPSS

Exploits0References4

RedhatCVE•added 2025/05/22 9:30 p.m.•3 views

CVE-2021-21316

less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be execut...

7.8CVSS6.8AI score0.00301EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 8:25 a.m.•5 views

CVE-2019-0281

SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

6.1CVSS6AI score0.00287EPSS

Exploits0References1

Node.js•added 2021/02/23 1:32 a.m.•77 views

Arbitrary JavaScript Execution

Overview In affected versions of less-openui5 processing untrusted theming resources might execute arbitrary code. Impact When processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be...

6.8CVSS0.7AI score0.00301EPSS

Exploits0Affected Software1

NVD•added 2021/02/16 6:15 p.m.•11 views

CVE-2021-21316

7.8CVSS0.00301EPSS

Exploits0References5

Prion•added 2021/02/16 6:15 p.m.•8 views

Privilege escalation

6.8CVSS7.5AI score0.00301EPSS

Exploits0References5Affected Software1

ATTACKERKB•added 2021/02/16 6:15 p.m.•0 views

CVE-2021-21316

7.8CVSS5.6AI score0.00301EPSS

Exploits0References6Affected Software1

CVE•added 2021/02/16 5:35 p.m.•67 views

CVE-2021-21316

CVE-2021-21316 affects the npm package less-openui5 (pre-0.10.0) and can allow arbitrary code execution during build when processing untrusted theming resources (*.less). The vulnerability arises from inline JavaScript evaluation in a forked Less.js v1.6.3 embedded by less-openui5, which is norma...

7.8CVSS6.7AI score0.00301EPSS

Exploits0References5Affected Software1

Cvelist•added 2021/02/16 5:35 p.m.•10 views

CVE-2021-21316 Arbitrary code execution in less-openui5

6.3CVSS7.8AI score0.00301EPSS

Exploits0References5

CNNVD•added 2021/02/16 12:0 a.m.•1 views

Less-openui5 Injection Vulnerability

An injection vulnerability exists in Less-openui5, which arises when a network system or product lacks proper validation of user input during the course of an operation to construct a command, data structure, or record, and fails to filter, or fails to correctly filter out, specific elements of t...

7.8CVSS7.1AI score0.00301EPSS

Exploits0References6

Veracode•added 2021/02/01 6:19 a.m.•18 views

Arbitrary Code Execution

less-openui5 is vulnerable to arbitrary code execution. When processing theming resources i.e. .less files that originate from an untrusted source, the resources may contain JavaScript code which will be executed in the context of the build process...

7.8CVSS2.5AI score0.00301EPSS

Exploits0References6Affected Software1

Github Security Blog•added 2021/01/29 8:51 p.m.•45 views

Processing untrusted theming resources might execute arbitrary code (ACE)

Impact When processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be executed in the context of the build process. While this is a feature of the Less.js library, it is an unexpected behavi...

7.8CVSS0.2AI score0.00301EPSS

Exploits0References7Affected Software1

OSV•added 2021/01/29 8:51 p.m.•20 views

GHSA-3CRJ-W4F5-GWH4 Processing untrusted theming resources might execute arbitrary code (ACE)

6.3CVSS7.5AI score0.00301EPSS

Exploits0References6

NVD•added 2019/07/10 7:15 p.m.•11 views

CVE-2019-0281

SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

6.1CVSS6AI score0.00287EPSS

Exploits0References3

OSV•added 2019/07/10 7:15 p.m.•12 views

CVE-2019-0281

SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

6.1CVSS6AI score

Exploits0References3

Prion•added 2019/07/10 7:15 p.m.•18 views

Cross site scripting

SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

4.3CVSS5.9AI score0.00287EPSS

Exploits0References3Affected Software1

CVE•added 2019/07/10 6:46 p.m.•130 views

CVE-2019-0281

SAPUI5 and OpenUI5 are affected prior to versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, where user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability. The root cause is insufficient input encoding. Connected documents confirm the issue ...

6.1CVSS5.9AI score0.00287EPSS

Exploits0References3Affected Software1

Cvelist•added 2019/07/10 6:46 p.m.•11 views

CVE-2019-0281

SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

6AI score0.00287EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by