Lucene search
K

733575 matches found

CVE
CVE
added 2026/06/20 3:21 p.m.18 views

CVE-2026-56317

CVE-2026-56317 affects Nuxt before 4.4.7 and the 3.x branch before 3.21.7. The NoScript component writes slot content to innerHTML without escaping, enabling cross-site scripting via untrusted data in NoScript slots (e.g., route.query parameters). Impact is XSS in pages rendering NoScript content...

6.1CVSS5.7AI score0.00209EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/20 3:21 p.m.3 views

CVE-2026-56317

Nuxt before 4.4.7 and the 3.x branch before 3.21.7 contains a cross-site scripting vulnerability in the NoScript component that writes slot content to innerHTML without escaping. Attackers can inject malicious scripts through untrusted data in NoScript slots, such as route.query parameters, which...

2.3CVSS5.7AI score0.00209EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/06/20 3:21 p.m.7 views

EUVD-2026-38112

Nuxt before 4.4.7 and the 3.x branch before 3.21.7 contains a cross-site scripting vulnerability in the NoScript component that writes slot content to innerHTML without escaping. Attackers can inject malicious scripts through untrusted data in NoScript slots, such as route.query parameters, which...

2.3CVSS5.7AI score0.00209EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/20 3:21 p.m.26 views

CVE-2026-56317 Nuxt - Cross-Site Scripting via NoScript Component Slot Content

Nuxt before 4.4.7 and the 3.x branch before 3.21.7 contains a cross-site scripting vulnerability in the NoScript component that writes slot content to innerHTML without escaping. Attackers can inject malicious scripts through untrusted data in NoScript slots, such as route.query parameters, which...

2.3CVSS0.00209EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/20 1:10 p.m.12 views

Malicious code in atlasora-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f33093da9f0bcf9358f3b00bd87e723d95267074539c72511ab58bff4172f092 The package declares a postinstall hook in package.json "postinstall": "node install.js" that auto-executes install.js on every npm install. install....

5.9AI score
Exploits0References1
OSV
OSV
added 2026/06/20 1:10 p.m.9 views

MAL-2026-6239 Malicious code in atlasora-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f33093da9f0bcf9358f3b00bd87e723d95267074539c72511ab58bff4172f092 The package declares a postinstall hook in package.json "postinstall": "node install.js" that auto-executes install.js on every npm install. install....

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/20 1:10 p.m.8 views

Malicious code in atlasora-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7af2118f668c8e39caf15aeb52d365083d5bc6b9c1ae4d9ff6d007d348ba8b9e On npm install, the package runs install.js via the postinstall lifecycle hook. The script harvests installer-side secrets and POSTs them as JSON to ...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/20 1:10 p.m.8 views

MAL-2026-6242 Malicious code in atlasora-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7af2118f668c8e39caf15aeb52d365083d5bc6b9c1ae4d9ff6d007d348ba8b9e On npm install, the package runs install.js via the postinstall lifecycle hook. The script harvests installer-side secrets and POSTs them as JSON to ...

5.8AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/20 12:50 p.m.7 views

Security Bulletin: Security vulnerability in JavaScript affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in JavaScript affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. JavaScript is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fix...

9.9CVSS6.7AI score0.01186EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/20 12:50 p.m.5 views

Security Bulletin: Multiple security vulnerabilities in .NET affect IBM Robotic Process Automation

Summary Multiple security vulnerabilities in .NET affect IBM Robotic Process Automation. .NET is used by IBM Robotic Process as part of it's development framework. This security bulletin identifies the fixes required to resolve these vulnerabilities Vulnerability Details CVEID:CVE-2026-26171...

7.5CVSS6.1AI score0.02142EPSS
Exploits2Affected Software1
GithubExploit
GithubExploit
added 2026/06/20 11:58 a.m.78 views

GumVulns

GumVulns A single-file PHP CLI that searches many vulnerabi...

10CVSS7.5AI score0.99999EPSS
Exploits347
GithubExploit
GithubExploit
added 2026/06/20 11:28 a.m.49 views

Web-Security-Audit-Skill

--- Features - Multi-language support: Automatic identi...

6.3AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/20 8:12 a.m.57 views

flowise-mcp-env-case-bypass-poc

Flowise 3.1.2 Custom MCP Environment Variable Case Bypass PoC...

6.3AI score
Exploits0
OSV
OSV
added 2026/06/20 6:56 a.m.2 views

SUSE-SU-2026:22197-1 Security update for tomcat10

This update for tomcat10 fixes the following issues Update to Tomcat 10.1.55: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165....

9.8CVSS6.7AI score0.01339EPSS
Exploits2References15
OSV
OSV
added 2026/06/20 6:56 a.m.2 views

SUSE-SU-2026:22195-1 Security update for tomcat

This update for tomcat fixes the following issues Update to Tomcat 9.0.118: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165. -...

9.8CVSS6.7AI score0.01339EPSS
Exploits2References15
OSV
OSV
added 2026/06/20 6:54 a.m.2 views

SUSE-SU-2026:22196-1 Security update for tomcat11

This update for tomcat11 fixes the following issues Update to Tomcat 11.0.22: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165....

9.8CVSS6.7AI score0.01339EPSS
Exploits2References15
OSV
OSV
added 2026/06/20 6:53 a.m.2 views

OPENSUSE-SU-2026:21121-1 Security update for tomcat11

This update for tomcat11 fixes the following issues Update to Tomcat 11.0.22: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165....

9.8CVSS6.7AI score0.01339EPSS
Exploits2References14
OSV
OSV
added 2026/06/20 6:53 a.m.2 views

OPENSUSE-SU-2026:21122-1 Security update for tomcat10

This update for tomcat10 fixes the following issues Update to Tomcat 10.1.55: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165....

9.8CVSS5.9AI score0.01339EPSS
Exploits2References14
OSV
OSV
added 2026/06/20 6:53 a.m.2 views

OPENSUSE-SU-2026:21117-1 Security update for tomcat

This update for tomcat fixes the following issues Update to Tomcat 9.0.118: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165. -...

9.8CVSS6.7AI score0.01339EPSS
Exploits2References14
Veracode
Veracode
added 2026/06/20 6:36 a.m.5 views

Cross-Site Scripting (XSS)

Angular is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of namespaced script elements and attributes in the @angular/compiler and @angular/core packages, which allows an attacker to inject specially crafted namespaced templates that bypass Angular's...

6.1CVSS5.8AI score0.00206EPSS
Exploits0References7Affected Software2
Rows per page
Query Builder