Lucene search
K

872 matches found

Vulnrichment
Vulnrichment
added 2026/05/07 9:8 p.m.6 views

CVE-2026-41929 Vvveb < 1.0.8.2 Unauthenticated Reflected XSS via Visual Editor

Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and componentajax POST parameter. Attackers can craft a malicious link or...

6.1CVSS5.9AI score0.00198EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/07 9:8 p.m.47 views

CVE-2026-41929 Vvveb < 1.0.8.2 Unauthenticated Reflected XSS via Visual Editor

Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and componentajax POST parameter. Attackers can craft a malicious link or...

6.1CVSS0.00198EPSS
Exploits0References4
OSV
OSV
added 2026/05/07 8:16 p.m.4 views

DEBIAN-CVE-2026-39825

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

5.3CVSS5.8AI score0.0039EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/07 7:41 p.m.10 views

CVE-2026-39825

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

5.8AI score0.0039EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.11 views

PT-2026-38472

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

8.2CVSS5.5AI score0.00435EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.13 views

PT-2026-38473

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

8.2CVSS5.5AI score0.00435EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.13 views

PT-2026-38586

Name of the Vulnerable Software and Affected Versions Vvveb versions prior to 1.0.8.2 Description An unauthenticated reflected cross-site scripting issue exists in the visual editor preview renderer. Attackers can execute arbitrary JavaScript by manipulating the r query parameter and component aj...

6.1CVSS5.8AI score0.00198EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Vvveb 跨站脚本漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s developers, used for building websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.2 had a cross-site scripting vulnerability. This vulnerability stemmed from an unvalidated reflective cross-site scripting flaw in the...

6.1CVSS5.9AI score0.00198EPSS
Exploits0References1
NVD
NVD
added 2026/05/05 7:16 p.m.10 views

CVE-2026-30923

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

8.2CVSS0.00435EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/05 6:46 p.m.6 views

EUVD-2026-27422

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

8.2CVSS5.6AI score0.00435EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/05/05 11:17 a.m.12 views

CVE-2026-6994

A flaw was found in Envoy. A remote attacker could exploit a weakness in the Query Parameter Handler component, specifically within the params.add function. This vulnerability allows for injection, which may lead to limited impacts on the confidentiality, integrity, and availability of the affect...

6.5CVSS5.8AI score0.00228EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/30 3:33 a.m.11 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.7AI score0.01945EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/30 3:29 a.m.17 views

Important: Red Hat Security Advisory: runc security update

An update for runc is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

10CVSS7.2AI score0.01945EPSS
Exploits3References5
CVE
CVE
added 2026/04/28 6:9 p.m.11 views

CVE-2026-41395

OpenClaw prior to 2026.3.28 is affected by a webhook replay vulnerability in Plivo V3 signature verification. The system canonicalizes query ordering for signatures but hashes the raw verification URL for replay detection, allowing an attacker who captures a valid signed webhook to reorder query ...

8.2CVSS5.2AI score0.00149EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/28 6:9 p.m.27 views

CVE-2026-41395 OpenClaw < 2026.3.28 - Webhook Replay via Query Parameter Reordering in Plivo V3

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call...

8.2CVSS0.00149EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/28 6:9 p.m.4 views

CVE-2026-41395 OpenClaw < 2026.3.28 - Webhook Replay via Query Parameter Reordering in Plivo V3

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call...

8.2CVSS5.2AI score0.00149EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/27 5:15 p.m.3 views

CVE-2026-7143 1000 Projects Portfolio Management System MCA block_status.php sql injection

A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/blockstatus.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

6.5CVSS5.4AI score0.00192EPSS
Exploits0References5
NVD
NVD
added 2026/04/26 10:17 p.m.9 views

CVE-2026-7059

A vulnerability was found in 666ghj MiroFish up to 0.1.2. This affects the function getsimulationposts of the file backend/app/api/simulation.py of the component Query Parameter Handler. Performing a manipulation of the argument Platform results in path traversal. The attack can be initiated...

6.9CVSS0.0044EPSS
Exploits0References5
CVE
CVE
added 2026/04/26 8:0 p.m.22 views

CVE-2026-7059

The CVE-2026-7059 entry concerns 666ghj MiroFish (affected up to version 0.1.2). The vulnerability lies in the get_simulation_posts function of backend/app/api/simulation.py within the Query Parameter Handler. An attacker can achieve path traversal by manipulating the Platform argument. The issue...

6.9CVSS5.4AI score0.0044EPSS
Exploits0References5
NVD
NVD
added 2026/04/25 7:16 p.m.6 views

CVE-2026-6994

A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/headermutation/headermutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patch...

6.5CVSS0.00228EPSS
Exploits0References5
Rows per page
Query Builder