Lucene search
K

59 matches found

PyPA
PyPA
added 2026/05/04 6:16 p.m.16 views

PYSEC-2026-105

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...

4.6CVSS6AI score0.002EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/05/04 5:15 p.m.30 views

CVE-2026-42086 OpenC3 COSMOS: Self-XSS in the Command Sender

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...

4.6CVSS0.002EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/26 2:45 a.m.8 views

CVE-2026-7015 MaxSite CMS Guestbook Plugin cross site scripting

A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument ftext/fslug/flimit/femail leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed t...

4.8CVSS3.2AI score0.00215EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/02 1:51 a.m.8 views

CVE-2026-28355

Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...

5.3CVSS6AI score0.00397EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/27 9:4 p.m.8 views

CVE-2026-28355

Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...

5.3CVSS6AI score0.00397EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/27 9:4 p.m.30 views

CVE-2026-28355 "PWA" Canarytoken Vulnerable to Stored Self Cross-Site Scripting

Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...

5.3CVSS0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:33 a.m.20 views

CVE-2019-7171

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8...

4.8CVSS6.1AI score0.0061EPSS
Exploits1References1
Veracode
Veracode
added 2025/12/13 6:46 a.m.8 views

Self Cross-Site Scripting (Self-XSS)

privatebin/privatebin is vulnerable to self cross-site scripting Self-XSS. The vulnerability is due to improper handling and reflection of HTML content in filenames via the drag-and-drop helper, which allows an attacker to trick a macOS or Linux user into attaching a maliciously crafted file and...

5.4CVSS5.8AI score0.00107EPSS
Exploits1References3Affected Software1
FreeBSD
FreeBSD
added 2025/11/09 12:0 a.m.9 views

privatebin XSS

privatebin reports: Dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on PrivateBin will execute arbitrary JavaScript within their own session self-XSS. This allows an attacker who can entice a victi...

5.8CVSS6.8AI score0.00277EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2018-20684

Malware in sbrugna...

4.7CVSS5.3AI score0.0055EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-29160

Malware in sbrugna...

5.4CVSS5.5AI score0.00903EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-16814

Malware in sbrugna...

6.1CVSS7.7AI score0.01143EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2021-31050

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00451EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-51987

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00653EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2025-9623

Malicious code in bioql PyPI...

4.6CVSS6.5AI score0.0019EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2025-22334

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00281EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-52725

Malicious code in bioql PyPI...

6.1CVSS4AI score0.003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/24 12:23 a.m.11 views

CVE-2025-51863

Self Cross Site Scripting XSS vulnerability in ChatGPT Unli ChatGPTUnli.com thru 2025-05-26 allows attackers to execute arbitrary code via a crafted SVG file to the chat interface...

6.1CVSS6AI score0.00281EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/07/22 12:0 a.m.6 views

CVE-2025-51858

Self Cross-Site Scripting XSS vulnerability in ChatPlayground.ai through 2025-05-24, allows attackers to execute arbitrary code and gain sensitive information via a crafted SVG file contents sent through the chat component...

6.3AI score0.00281EPSS
Exploits0References1
CVE
CVE
added 2025/07/22 12:0 a.m.18 views

CVE-2025-51858

The CVE-2025-51858 entry concerns a self XSS vulnerability in ChatPlayground.ai up to 2025-05-24, exploitable via crafted SVG content sent in the chat component. Affected software is ChatPlayground.ai (chat feature) with the root cause described as SVG content in chat triggering script execution ...

6.1CVSS5.9AI score0.00281EPSS
Exploits0References1
Rows per page
Query Builder