Lucene search
K

5750 matches found

RedhatCVE
RedhatCVE
added 2026/06/03 10:1 p.m.12 views

CVE-2026-30586

Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZESCHEMA, Memo Rendering Component, and Public/Private Memo View pages...

6.1CVSS5.8AI score0.00224EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.14 views

PT-2026-46113

Name of the Vulnerable Software and Affected Versions Drupal Commerce Core versions 3.3.0 through 3.3.6 Description Stored Cross-site Scripting XSS occurs due to improper neutralization of input during web page generation. The module fails to sufficiently sanitize customer comments within the ord...

6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.20 views

PT-2026-46099

Summary Using CookieJar.load with untrusted input may allow arbitrary code execution. Impact Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications. Workaround If an application does allow attacker controlled files to be...

6.4CVSS6.1AI score0.00128EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/02 9:30 p.m.10 views

EUVD-2026-34018

Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZESCHEMA, Memo Rendering Component, and Public/Private Memo View pages...

5.8AI score0.00224EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 1:28 a.m.9 views

CVE-2026-10100

The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color settings fields Page Background, Form Background, Text Color, Link Color in versions up to and including 1.0.3. This is due to insufficient input sanitization of the color option values th...

4.4CVSS5.8AI score0.00183EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.23 views

PT-2026-45825

Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZE SCHEMA, Memo Rendering Component, and Public/Private Memo View pages...

5.8AI score0.00224EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/02 12:0 a.m.8 views

CVE-2026-30586

Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZESCHEMA, Memo Rendering Component, and Public/Private Memo View pages...

5.8AI score0.00224EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.11 views

PT-2026-45829

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.0 Description Using the CookieJar.load function with untrusted input may allow arbitrary code execution. This issue is unlikely to affect many applications as most use this function with the user's own data...

7.3CVSS6.1AI score0.00128EPSS
Exploits0References52
NVD
NVD
added 2026/06/01 6:16 a.m.26 views

CVE-2026-10222

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function sanitizeenvlines of the file hermescli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires a high level of...

6.3CVSS0.00266EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/01 4:0 a.m.23 views

EUVD-2026-33555

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function sanitizeenvlines of the file hermescli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires a high level of...

6.3CVSS5.2AI score0.00266EPSS
Exploits0References5
CVE
CVE
added 2026/06/01 4:0 a.m.60 views

CVE-2026-10222

CVE-2026-10222 concerns NousResearch hermes-agent (up to 2026.4.30). The vulnerability affects the function _sanitize_env_lines in hermes_cli/config.py, enabling injection and remote exploitation. Reported attack complexity is high; exploit has been released publicly and can be used for attacks. ...

6.3CVSS5.5AI score0.00266EPSS
Exploits0References5
NVD
NVD
added 2026/06/01 2:16 a.m.12 views

CVE-2026-10210

A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function sanitizepromptdescription of the file astrbot/core/skills/skillmanager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and...

6.5CVSS0.00228EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/01 1:0 a.m.14 views

EUVD-2026-33531

A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function sanitizepromptdescription of the file astrbot/core/skills/skillmanager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/01 1:0 a.m.9 views

CVE-2026-10210

A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function sanitizepromptdescription of the file astrbot/core/skills/skillmanager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/01 1:0 a.m.29 views

CVE-2026-10210

The CVE affects AstrBotDevs AstrBot 4.23.6. The vulnerable component is the function _sanitize_prompt_description in astrbot/core/skills/skill_manager.py, where input handling allows injection due to improper sanitization. This vulnerability is reachable over a network (remote exploit) and, per t...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.97 views

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.30 contained a security vulnerability, which was caused by a problem with the sanitizeenvlines function in the hermescli/config.py file. This vulnerability...

6.3CVSS5.8AI score0.00266EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.14 views

PT-2026-45242

A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function sanitize prompt description of the file astrbot/core/skills/skill manager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public an...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

AstrBot 安全漏洞

AstrBot is an open-source multi-platform LLM chatbot and development framework created by AstrBot. Version 4.23.6 of AstrBot contains a security vulnerability, which stems from an injection vulnerability in the sanitizepromptdescription function located in the astrbot/core/skills/skillmanager.py...

6.5CVSS6.3AI score0.00228EPSS
Exploits0References5
NVD
NVD
added 2026/05/29 7:16 p.m.14 views

CVE-2026-44650

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, POST /api/extensions/delete endpoint accepts extensionName: "." which bypasses sanitize-filename...

9.1CVSS0.00567EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 3:18 p.m.30 views

CVE-2026-47760

CVE-2026-47760 affects TinyMCE before 7.1.0, where an XSS flaw arises from improper SVG namespace scope handling in the sanitizer. The issue allows a crafted payload using nested SVG elements to bypass attribute sanitization and execute arbitrary JavaScript. Affected versions are 6.8.0 up to, but...

8.7CVSS6AI score0.00191EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder