Lucene search
K

1487 matches found

CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online auctions and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the filter functions for the...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/08 8:25 p.m.14 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the processing of JDBC connection URL parameters. An attacker can execute arbitrary code by supplying a crafted connection URL that causes the loading...

9.2CVSS6.3AI score0.00573EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/08 4:32 p.m.8 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' in the ToolExecutionMixin.executetool process. An attacker...

8.8CVSS6.1AI score0.00363EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/08 4:32 p.m.11 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

8.8CVSS6.1AI score0.00363EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/07 7:34 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the fsNick cookie parameter, which is reflected into the HTML without proper sanitization. An attacker can execute arbitrary JavaScript code in the context of the user's browser by tricking a user with a val...

3.9CVSS5.8AI score0.00104EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/07 7:34 p.m.11 views

FacturaScripts vulnerable to Reflected Cross-Site Scripting (XSS) via Cookie Manipulation

Summary A Reflected Cross-Site Scripting XSS vulnerability exists in the fsNick cookie parameter. The application reflects the cookie's value directly into the HTML without sanitization. Details The fsNick cookie is rendered into the DOM without encoding. While the server does reject the modified...

3.9CVSS5.9AI score0.00104EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Admidio 跨站脚本漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a cross-site scripting vulnerability. This vulnerability...

6.1CVSS5.8AI score0.00181EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.17 views

PT-2026-38612

Name of the Vulnerable Software and Affected Versions FacturaScripts versions prior to 2025.8 Description A Reflected Cross-Site Scripting XSS issue exists where the application reflects the value of the fsNick cookie directly into the HTML without proper sanitization or encoding. Although the...

3.9CVSS5.9AI score0.00104EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

WordPress plugin Bricks Builder 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.6AI score0.00142EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/06 8:57 p.m.11 views

Magento LTS: Reflected XSS - Import -> Data Flow (profiles)

A reflected XSS vulnerability was found under admin panel - System - Import/Export - Dataflow - Profiles. Steps to produce + Login to the admin panel + Go to the path System - Import/Export - Dataflow - Profiles + Select profile direction as Import. + Click on Import Customers + Upload the file...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/06 5:54 p.m.11 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the condition process. An attacker can execute arbitrary commands on the server by injecting malicious...

8.6CVSS6.1AI score0.00346EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.16 views

PT-2026-38267

A reflected XSS vulnerability was found under admin panel - System - Import/Export - Dataflow - Profiles. Steps to produce + Login to the admin panel + Go to the path System - Import/Export - Dataflow - Profiles + Select profile direction as Import. + Click on Import Customers + Upload the file...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/05 8:27 p.m.102 views

Exploit for Improper Authentication in Microsoft

CVE-2026-26128 !Examplehttps://github.com/jarnovandenbrink/...

7.8CVSS5.9AI score0.00447EPSS
Exploits1
Snyk
Snyk
added 2026/05/04 6:26 p.m.13 views

Unsafe Reflection

Overview Affected versions of this package are vulnerable to Unsafe Reflection that leads to arbitrary class instantiation, via the instantiateExtension method in the ExtensionLoader class. An attacker can trigger the static initializer of any class present on the classpath by supplying a model...

9.8CVSS6.1AI score0.00692EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/04 6:26 p.m.14 views

Unsafe Reflection

Overview org.apache.opennlp:opennlp-tools is an is a machine learning based toolkit for the processing of natural language text. Affected versions of this package are vulnerable to Unsafe Reflection that leads to arbitrary class instantiation, via the instantiateExtension method in the...

9.8CVSS6.1AI score0.00692EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.11 views

Tegsoft Online Support Application 跨站脚本漏洞

Tegsoft Online Support Application is a communication system for customer service and online support provided by the Turkish company Tegsoft. The Tegsoft Online Support Application V3 version through version 31122025 contained a cross-site scripting vulnerability. This vulnerability stemmed from...

9.8CVSS5.7AI score0.00327EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/30 6:17 a.m.13 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview org.jenkins-ci.plugins:matrix-auth is a The Jenkins Plugins Parent POM Project Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the inheritanceStrategy deserialization path in...

7.1CVSS5.9AI score0.00246EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/04/30 4:31 a.m.141 views

Exploit for Improper Authentication in Microsoft

CVE-2026-24294 - Local NTLM Reflection LPE via SMB Arbitrary P...

7.8CVSS5.6AI score0.02762EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2026/04/30 12:0 a.m.9 views

WOOTdroid: Whole-System Online On-Device Tracing for Android

System auditing on Android faces two problems. First, existing syscall tracers lose events under load, silently overwriting entries faster than a user space reader can drain them. Second, security-relevant application behavior is mediated through Binder, Android's kernel IPC mechanism, and is...

5.8AI score
Exploits0
NVD
NVD
added 2026/04/27 9:16 p.m.10 views

CVE-2026-29971

A reflected cross-site scripting XSS vulnerability exists in WebFileSys version before 2.32.0 and fixed in v.2.32.0. User-controlled input is reflected into HTML and JavaScript contexts without proper output encoding, allowing arbitrary JavaScript execution in the victim's browser via the ftpBack...

6.1CVSS0.00299EPSS
Exploits3References2
Rows per page
Query Builder