Lucene search
K

220 matches found

NVD
NVD
added 19 hours ago7 views

CVE-2026-15524

A security vulnerability has been detected in alioshr memory-bank-mcp up to 0.2.1/3.1. This affects an unknown part of the file list-project-files-validation-factory.ts. Such manipulation of the argument projectName leads to path traversal. Local access is required to approach this attack. The...

4.8CVSS
Exploits0References6
CVE
CVE
added 20 hours ago11 views

CVE-2026-15524

The vulnerability CVE-2026-15524 affects alioshr memory-bank-mcp up to versions 0.2.1/3.1. The issue resides in the file list-project-files-validation-factory.ts where manipulation of the projectName argument enables path traversal. Local access is required to exploit, and public disclosure of th...

4.8CVSS5.8AI score
Exploits0References6
NVD
NVD
added 2026/06/17 3:17 p.m.12 views

CVE-2026-55748

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...

6CVSS0.0019EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 2:12 p.m.30 views

CVE-2026-55748

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...

6CVSS0.0019EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 3:41 p.m.6 views

MAL-2026-5898 Malicious code in strict-engine-peer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0913b30a168bfed09d3c5ae59aeaf6a305a395f86516fb1fb8ece60bb95904de On npm install, the package's preinstall hook preinstall: node index.js in package.json executes index.js, which reads the installer's project...

5.4AI score
Exploits0References2
OSV
OSV
added 2026/06/15 3:54 p.m.13 views

MAL-2026-5792 Malicious code in nativescript-swisspost-imagepicker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2271ce1525f722f302ee59b9de3270020e6d1aa84d74cc2972cb6ffa34d9a62 package.json declares preinstall: node index.js. On npm install, index.js reads process.env.INITCWD the installing project's working directory, takes...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 3:54 p.m.14 views

Malicious code in nativescript-swisspost-pcc-creative-editor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9c9ef8861d14485e696e98c66d95ee5c2a5a608b213841c9c18b254003ae049 Package masquerades as an internal Swiss Post NativeScript package name nativescript-swisspost-pcc-creative-editor, description literally Security Po...

6AI score
Exploits0References1
OSV
OSV
added 2026/06/15 3:54 p.m.7 views

MAL-2026-5793 Malicious code in nativescript-swisspost-pcc-creative-editor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9c9ef8861d14485e696e98c66d95ee5c2a5a608b213841c9c18b254003ae049 Package masquerades as an internal Swiss Post NativeScript package name nativescript-swisspost-pcc-creative-editor, description literally Security Po...

6.1AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.14 views

CVE-2026-34463

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector...

8.6CVSS5.3AI score0.00444EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.8 views

CVE-2026-44655

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...

8.6CVSS5.4AI score0.00298EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 10:41 a.m.13 views

CVE-2026-9811

A stored Cross-Site Scripting XSS vulnerability exists in the project selector component of Mautic 7. When rendering selection menus for associating projects with system entities, the application fails to sanitize project names returned via AJAX before injecting them into the DOM as option fields...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References2
NVD
NVD
added 2026/05/28 9:16 p.m.16 views

CVE-2026-44655

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...

8.6CVSS0.00298EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 8:27 p.m.11 views

CVE-2026-44655

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...

8.6CVSS5.8AI score0.00298EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/28 8:27 p.m.14 views

CVE-2026-44655 MantisBT: Stored XSS on Move Attachments Admin Page

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...

8.6CVSS5.8AI score0.00298EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/28 8:27 p.m.29 views

CVE-2026-44655 MantisBT: Stored XSS on Move Attachments Admin Page

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...

8.6CVSS0.00298EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/28 8:27 p.m.12 views

EUVD-2026-33025

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...

8.6CVSS5.8AI score0.00298EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 9:57 p.m.8 views

CVE-2026-34463 MantisBT has Stored HTML Injection/XSS via Clone Issue Form

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector...

8.6CVSS5.7AI score0.00444EPSS
Exploits0References3
CVE
CVE
added 2026/05/19 9:57 p.m.18 views

CVE-2026-34463

CVE-2026-34463 affects MantisBT prior to 2.28.2. When cloning an issue from a different project, the clone form (bug_report_page.php) prepends the source project name before the category selector without proper escaping, allowing stored HTML injection (XSS) if an attacker can set the project name...

8.6CVSS5.7AI score0.00444EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/19 9:57 p.m.27 views

CVE-2026-34463 MantisBT has Stored HTML Injection/XSS via Clone Issue Form

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector...

8.6CVSS0.00444EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/19 9:57 p.m.11 views

EUVD-2026-30998

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector...

8.6CVSS5.7AI score0.00444EPSS
Exploits0References3
Rows per page
Query Builder