Lucene search
K

119 matches found

OSV
OSV
added 2026/07/02 8:46 p.m.2 views

GHSA-MM6C-5J6X-HQ8M Algernon vulnerable to server-side script source disclosure on Windows via NTFS filename

Summary Algernon selects its file handler from filepath.Ext engine/handlers.go:134, which does not treat the NTFS-equivalent names x.lua::$DATA, x.lua., or x.lua as .lua. On Windows, an unauthenticated client appends one of these suffixes to any server-side script on a public path and receives it...

8.7CVSS5.9AI score0.00077EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-55477

Name of the Vulnerable Software and Affected Versions Algernon version 1.17.8 Description On Windows hosts using the NTFS filesystem, an unauthenticated client can retrieve the raw source code of server-side scripts such as .lua, .tl, .po2, .amber, or .frm located on public paths. This occurs...

8.7CVSS6.1AI score0.00077EPSS
Exploits0References4
CVE
CVE
added 2026/06/27 6:50 a.m.16 views

CVE-2026-11597

The CVE concerns the WordPress plugin “Surbma | Infusionsoft Shortcode” for versions up to 2.0.1. It enables Stored Cross-Site Scripting via the infusionsoft-form shortcode by unsafely handling user-supplied account and id attributes in surbma_infusionsoft_shortcode_shortcode(), which are concate...

6.4CVSS5.9AI score0.00193EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.18 views

PT-2026-27623

Name of the Vulnerable Software and Affected Versions Authelia versions 4.39.15 Description Authelia is an open-source authentication and authorization server. An attacker may potentially be able to inject javascript into the Authelia login page if specific conditions are met, including...

2.1CVSS6AI score0.00226EPSS
Exploits1References4
OSV
OSV
added 2026/02/19 11:25 p.m.8 views

CVE-2026-27009 OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a atored XSS issue in the OpenClaw Control UI when rendering assistant identity name/avatar into an inline tag without script-context-safe escaping. A crafted value containing could break out of the script tag and execute...

5.8CVSS5.6AI score0.00228EPSS
Exploits1References6
NVD
NVD
added 2025/12/19 8:15 a.m.6 views

CVE-2025-66500

A stored cross-site scripting XSS vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...

6.3CVSS0.00173EPSS
Exploits0References1
OSV
OSV
added 2025/12/19 8:15 a.m.3 views

CVE-2025-66500

A stored cross-site scripting XSS vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...

5.4CVSS5.9AI score0.00173EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/19 7:16 a.m.27 views

CVE-2025-66500 Foxit webplugins.foxit.com Stored Cross-Site Scripting via postMessage Vulnerability

A stored cross-site scripting XSS vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...

6.3CVSS0.00173EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.6 views

PT-2025-52428

A stored cross-site scripting XSS vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...

6.3CVSS5.9AI score0.00173EPSS
Exploits0References2
CVE
CVE
added 2025/10/16 8:25 a.m.19 views

CVE-2025-0276

CVE-2025-0276 affects HCL BigFix Modern Client Management (MCM)

6.5CVSS6.4AI score0.00285EPSS
Exploits0References1Affected Software2
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2011-1032

Malware in sbrugna...

5CVSS7.4AI score0.03924EPSS
Exploits1References22
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2007-1472

Malware in sbrugna...

5CVSS6.4AI score0.02496EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2003-1092

Malware in sbrugna...

5CVSS6.4AI score0.01752EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2007-3317

Malware in sbrugna...

5CVSS6.4AI score0.02635EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2002-1164

Malware in sbrugna...

7.5CVSS6.4AI score0.07995EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2001-0679

Malware in sbrugna...

5CVSS6.4AI score0.03059EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2015-6410

Malware in sbrugna...

5CVSS6.4AI score0.01359EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-4608

Malicious code in bioql PyPI...

5CVSS6.6AI score0.0135EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/21 8:39 p.m.11 views

CVE-2002-2413

WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name...

5CVSS7.2AI score0.01173EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/07 10:38 p.m.24 views

CVE-2025-25187 Cross-site Scripting in Goto Anything allows arbitrary code execution in Joplin

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's dangerouslySetInnerHTML, without first escaping HTML entities. Joplin lacks a...

7.8CVSS0.0047EPSS
Exploits1References4
Rows per page
Query Builder