Lucene search
+L

59 matches found

OSV
OSV
added 2026/02/19 11:15 a.m.7 views

CVE-2025-15562

The server API endpoint /report/internet/urls reflects received data into the HTML response without applying proper encoding or filtering. This allows an attacker to execute arbitrary JavaScript in the victim's browser if the victim opens a URL prepared by the attacker...

6.1CVSS6AI score0.00156EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.11 views

PT-2026-7884

Computrols CBAS-Web 19.0.0 contains a boolean-based blind SQL injection vulnerability in the 'id' parameter that allows authenticated attackers to manipulate database queries. Attackers can exploit the vulnerability by crafting boolean-based SQL injection payloads in the 'id' parameter of the...

7.1CVSS5.8AI score0.00026EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2026/01/29 12:0 a.m.234 views

📄 LibreChat MCP 0.8.2-rc2 Remote Code Execution

Proof of concept exploit for a remote code execution vulnerability in LibreChat MCP version 0.8.2-rc2 that leverages an unsanitized stdio server configuration issue...

9.9CVSS6.5AI score0.03678EPSS
Exploits4
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.5 views

Owlfiles 跨站脚本漏洞

Owlfiles is a file manager from Owlfiles, Inc. A cross-site scripting vulnerability exists in Owlfiles version 12.0.1, which stems from a cross-site scripting vulnerability in the path parameter in the HTTP server endpoint that could lead to the execution of arbitrary JavaScript...

6.1CVSS5.9AI score0.00244EPSS
Exploits1References5
OSV
OSV
added 2025/11/19 8:0 p.m.4 views

GHSA-WRWG-2HG8-V723 Astro vulnerable to reflected XSS via the server islands feature

Summary After some research it appears that it is possible to obtain a reflected XSS when the server islands feature is used in the targeted application, regardless of what was intended by the component templates. Details Server islands run in their own isolated context outside of the page reques...

7.1CVSS6.6AI score0.00456EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/11/04 1:9 p.m.3 views

CVE-2025-41112 Missing Authorization vulnerability in CanalDenuncia.app

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros2.php'...

8.7CVSS6.3AI score0.00293EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-1367

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.60427EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-36356

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.04251EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/08/21 6:8 a.m.5 views

CVE-2025-7390 Bypass the client certificate trust check of an opc.https server while only secure communication is allowed

A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication...

9.1CVSS7.2AI score0.0024EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/08/18 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-54782

Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution RCE vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API...

9.4CVSS6.3AI score0.43921EPSS
In wildExploits4References125
Vulnrichment
Vulnrichment
added 2025/08/11 6:57 p.m.1 views

CVE-2025-53514 Unexpected Input to Server Webhook endpoint Causes DoS in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body...

5.9CVSS7.1AI score0.00283EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/20 4:4 p.m.27 views

CVE-2025-5416 Keycloak-core: keycloak environment information

A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information...

2.7CVSS0.00242EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 8:7 a.m.7 views

CVE-2024-29882

SRS is a simple, high-efficiency, real-time video server. SRS's /api/v1/vhosts/vid-?callback= endpoint didn't filter the callback function name which led to injecting malicious javascript payloads and executing XSS Cross-Site Scripting. This vulnerability is fixed in 5.0.210 and 6.0.121...

7.2CVSS6.5AI score0.01086EPSS
Exploits1References1
OSV
OSV
added 2024/09/25 1:15 a.m.6 views

CVE-2024-8940

Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jqueryplugin/jQuery-File-Upload/server/php/ via a POST request. An attacker could upload malicious files to the server due to the application not properly...

9.8CVSS5.9AI score0.00546EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/24 12:0 a.m.6 views

PT-2024-39325 · Unknown · Scriptcase

Name of the Vulnerable Software and Affected Versions: Scriptcase version 9.4.019 Description: The issue involves the arbitrary upload of a file via "/scriptcase/devel/lib/third/jquery plugin/jQuery-File-Upload/server/php/" via a POST request. An attacker could upload malicious files to the serve...

10CVSS6.8AI score0.00546EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2024/07/10 12:0 a.m.5 views

PT-2024-7171 · Unknown · Soplanning

Name of the Vulnerable Software and Affected Versions: SOPlanning versions prior to 1.45 Description: A Cross-Site Scripting XSS issue exists due to the lack of proper validation of user input via the /soplanning/www/process/xajax server.php endpoint, affecting multiple parameters. This could all...

7.5CVSS5.5AI score0.00269EPSS
Exploits0References9
NVD
NVD
added 2024/06/24 6:15 p.m.64 views

CVE-2023-49793

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine o...

6.5CVSS0.0073EPSS
Exploits1References2
CVE
CVE
added 2024/06/24 5:36 p.m.58 views

CVE-2023-49793

CVE-2023-49793 describes a path traversal in CodeChecker server via the massStoreRun endpoint (CodeCheckerService). ZIPs uploaded to CodeChecker store are not sanitized, allowing reading files from the server with the same permissions as the CodeChecker server. Attack requires a CodeChecker user ...

6.5CVSS6.3AI score0.0073EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2024/06/06 7:16 p.m.25 views

CVE-2024-3408

man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution RCE due to improper input validation. The vulnerability arises from a hardcoded SECRETKEY in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled...

9.8CVSS0.77803EPSS
Exploits5References2
SUSE CVE
SUSE CVE
added 2024/02/09 3:3 a.m.5 views

SUSE CVE-2023-32192

A vulnerability has been identified in which unauthenticated cross-site scripting XSS in the API Server's public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser...

8.3CVSS7.1AI score0.00342EPSS
Exploits0References4
Rows per page
Query Builder