Lucene search
K

617 matches found

CVE
CVE
added 2025/02/24 7:31 p.m.94 views

CVE-2025-26525

CVE-2025-26525 affects Moodle and is caused by insufficient sanitizing in the TeX notation filter, enabling an arbitrary file read on sites where pdfTeX is available (e.g., TeX Live). Multiple external feeds (GHSA, OSV) describe the vulnerability as Moodle’s arbitrary file read risk through pdfTe...

8.6CVSS6.9AI score0.00409EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/02/24 7:31 p.m.12 views

CVE-2025-26525 Arbitrary file read risk through pdfTeX

Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available such as those with TeX Live installed...

8.6CVSS0.00409EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/18 12:0 a.m.9 views

PT-2025-7781 · Tex Live +1 · Tex Live +1

Name of the Vulnerable Software and Affected Versions: TeX Live affected versions not specified Description: The issue is related to insufficient sanitizing in the TeX notation filter, which poses an arbitrary file read risk on sites where pdfTeX is available. This typically affects systems with...

8.6CVSS6.8AI score0.00409EPSS
Exploits0References22
Positive Technologies
Positive Technologies
added 2025/02/18 12:0 a.m.4 views

PT-2025-7784 · Unknown +1 · Ddimageortext +1

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A stored XSS risk was identified in the drag-and-drop onto image ddimageortext question type, which required additional sanitizing. Recommendations: At the moment, there is no information...

6.1CVSS3.4AI score0.00267EPSS
Exploits0References18
OSV
OSV
added 2025/02/17 7:57 p.m.5 views

CLSA-2025-1739822224 samba: Fix of CVE-2023-34968

Fix CVE-2023-34968: fix path disclosure vulnerability by sanitizing search query results - Delete fixed tests from knowfail list...

5.3CVSS6.6AI score0.01185EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.2 views

PT-2025-42569

Name of the Vulnerable Software and Affected Versions mediawiki affected versions not specified Description The software contains a flaw related to sanitizing attributes unwrapped from data-ve-attributes. This could potentially allow for issues related to attribute handling. Recommendations At th...

6.4AI score0.00149EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/12/27 12:0 a.m.3 views

WordPress plugin WP-SVG 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.9CVSS8.3AI score0.00333EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2024/12/18 12:40 a.m.3 views

kernel: vmci: prevent speculation leaks by sanitizing event in event_deliver()

A vulnerability was found in the eventdeliver function in the Linux kernel's VMCI component, where the issue involves a lack of sanitization for the eventdata.event index controlled by user-space, which could lead to speculative information leaks...

7.1CVSS7.2AI score0.00298EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/12/11 10:59 p.m.20 views

CVE-2024-54484

The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data...

0.00225EPSS
Exploits0References1
Veracode
Veracode
added 2024/11/29 4:30 a.m.14 views

Arbitrary File Read

moodle/moodle is vulnerable to Arbitrary file read. The vulnerability is due to insufficient sanitizing in the TeX notation filter, which allows file reading on sites where pdfTeX is available, such as those with TeX Live installed...

7.5CVSS7AI score0.00597EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/11/19 10:15 p.m.9 views

PYSEC-2024-160

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...

6.1CVSS7AI score0.00472EPSS
Exploits0References3
OSV
OSV
added 2024/11/15 3:17 p.m.30 views

GHSA-C86Q-RJ37-8F85 LibreNMS has a stored XSS in ExamplePlugin with Device's Notes

Summary The application fail to sanitising inputs properly and rendering the code from user input to browser which allow an attacker to execute malicious javascript code. Details User with Admin role can add Notes to a device, the application did not properly sanitize the user input, when the...

6.8CVSS5.4AI score0.00332EPSS
Exploits1References4
OSV
OSV
added 2024/11/11 6:30 p.m.5 views

GHSA-HJGC-JXJC-8V9J Moodle reflected XSS via H5P error message

A flaw was found in moodle. H5P error messages require additional sanitizing to prevent a reflected cross-site scripting XSS risk...

5.4CVSS5.8AI score0.00357EPSS
Exploits0References5
NVD
NVD
added 2024/11/11 4:15 p.m.23 views

CVE-2024-43439

A flaw was found in moodle. H5P error messages require additional sanitizing to prevent a reflected cross-site scripting XSS risk...

6.1CVSS0.00357EPSS
Exploits0References2
OSV
OSV
added 2024/11/11 3:31 p.m.6 views

GHSA-4HJF-6PXR-549H Moodle Cross-site Scripting vulnerability

A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting XSS risk from malicious backup files...

5.4CVSS5.4AI score0.00338EPSS
Exploits0References5
NVD
NVD
added 2024/11/11 1:15 p.m.39 views

CVE-2024-43437

A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting XSS risk from malicious backup files...

6.1CVSS0.00338EPSS
Exploits0References2
OSV
OSV
added 2024/11/11 1:15 p.m.2 views

UBUNTU-CVE-2024-43437

A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting XSS risk from malicious backup files...

6.1CVSS5.7AI score0.00338EPSS
Exploits0References4
CVE
CVE
added 2024/11/11 12:19 p.m.74 views

CVE-2024-43437

CVE-2024-43437 affects Moodle and is described in connected sources as a cross-site scripting (XSS) risk caused by insufficient sanitization of data during restoration of backup files. The vulnerability arises when processing malicious backups, enabling XSS. The connected documents (OSV, GHSA, CN...

6.1CVSS5.2AI score0.00338EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/11/11 12:19 p.m.14 views

CVE-2024-43437 Moodle: xss risk when restoring malicious course backup file

A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting XSS risk from malicious backup files...

5.4CVSS5.8AI score0.00338EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2024/11/10 12:0 a.m.16 views

CVE-2024-46952

An issue was discovered in pdf/pdfxref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream related to W array values...

8.4CVSS7.8AI score0.00316EPSS
Exploits0
Rows per page
Query Builder