Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/04/14 11:46 p.m.3 views

CVE-2026-40090 Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write

Zarf is an Airgap Native Packager Manager for Kubernetes. Versions 0.23.0 through 0.74.1 contain an arbitrary file write vulnerability in the zarf package inspect sbom and zarf package inspect documentation subcommands. These subcommands output file paths are constructed by joining a...

7.1CVSS5.9AI score0.0032EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/23 6:31 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the package creation and search processes. An attacker can execute arbitrary scripts in the browsers of other users by injecting crafted HTML or JavaScript into the Name or Description fields, which are later...

5.4CVSS6AI score0.00198EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2019/03/26 12:0 a.m.6 views

PT-2019-18679 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel versions through 0.9.8.763 Description: The issue concerns a Stored/Persistent XSS vulnerability. It affects the add package module, specifically the Package Name field. This allows for potential exploitation via the module...

4.8CVSS4.8AI score0.07246EPSS
Exploits5References4
CNVD
CNVD
added 2017/07/19 12:0 a.m.5 views

Biscom Secure File Transfer Cross-Site Scripting Vulnerability

Biscom Secure File Transfer SFT is a Web-based file transfer solution from Biscom USA. The solution has features such as file sharing, workspace creation and automatic file cleanup. A cross-site scripting vulnerability exists in the Package Name field in Biscom SFT. A remote attacker could exploi...

5.4CVSS5.3AI score0.00503EPSS
Exploits0References1
Rows per page
Query Builder