50 matches found

EUVD
added 2026/06/19 7:35 p.m., 11 views

EUVD-2026-36539

parse-server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist...

CVSS 2.1 | AI score 5.8 | EPSS 0.00281
Exploits: 0 | References: 4
Positive Technologies
added 2026/06/10 12:0 a.m., 21 views

PT-2026-48387

Name of the Vulnerable Software and Affected Versions: Anti-Spam by CleanTalk. Spam protection WordPress plugin versions prior to 6.79. Description: Insufficient sanitization of content within a custom shortcode used in the email-encoding feature allows unauthenticated attackers to perform Stored...

CVSS 8.8 | AI score 5.4 | EPSS 0.00296
Exploits: 0 | References: 9
Vulnrichment
added 2026/06/09 4:48 p.m., 9 views

CVE-2026-34692 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

CVSS 5.4 | AI score 5.5 | EPSS 0.00207
Exploits: 0 | References: 1
Information Security Automation
added 2026/03/11 7:20 p.m., 11 views

March Microsoft Patch Tuesday

March Microsoft Patch Tuesday. A total of 79 vulnerabilities, about one and a half times more than in February. What's truly unusual is that this time there were no vulnerabilities with signs of exploitation in the wild or a public exploit! 🤔 At least not yet. 😏 The following vulnerabilities can ...

CVSS 8.8 | AI score 7.2 | EPSS 0.04491
Exploits: 2
Krebs on Security
added 2026/03/11 4:20 p.m., 9 views

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said the company sent home mo...

AI score 5.8
Exploits: 0
Talos Blog
added 2026/03/10 10:23 p.m., 7 views

Microsoft Patch Tuesday for March 2026 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for March 2026 which includes 79 vulnerabilities, including three that Microsoft marked as "critical." The remaining vulnerabilities listed are classified as "important." Microsoft assessed that exploitation of the three "critical" vulnerabilitie...

CVSS 8.8 | AI score 6.4 | EPSS 0.04491
Exploits: 6
EUVD
added 2026/03/10 6:31 p.m., 9 views

EUVD-2025-208475

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in benkeen generatedata 4.0.14...

CVSS 6.1 | AI score 5.8 | EPSS 0.00311
Exploits: 0 | References: 4
CVE
added 2026/03/10 12:0 a.m., 17 views

CVE-2025-70025

CVE-2025-70025 concerns benkeen generatedata 4.0.14, with a vulnerability described as CWE-79: Improper Neutralization of Input During Web Page Generation. The connected sources consistently identify benkeen generatedata 4.0.14 as affected. CVSSv3.1 base score is 6.1 (MEDIUM) with network access,...

CVSS 6.1 | AI score 5.8 | EPSS 0.00311
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2026/01/05 12:0 a.m., 6 views

Ubiquiti UniFi Protect Application security vulnerability

Ubiquiti UniFi Protect Application is a security application from Ubiquiti, Inc. A security vulnerability exists in Ubiquiti UniFi Protect Application version 6.1.79 and earlier, which stems from a flaw in the discovery protocol that could lead to unauthorized access...

CVSS 8.8 | AI score 6.4 | EPSS 0.00401
Exploits: 0 | References: 2
NVD
added 2025/12/29 6:15 p.m., 4 views

CVE-2025-55063

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...

CVSS 4.8 | EPSS 0.00145
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/29 5:23 p.m., 3 views

CVE-2025-55064 Priority - CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...

CVSS 4.8 | AI score 6.2 | EPSS 0.00145
Exploits: 0 | References: 1
Cvelist
added 2025/12/10 6:23 p.m., 34 views

CVE-2025-64565 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires user interaction,...

CVSS 5.4 | EPSS 0.00205
Exploits: 0 | References: 1
Cvelist
added 2025/12/10 6:23 p.m., 24 views

CVE-2025-64543 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires user interaction,...

CVSS 5.4 | EPSS 0.00205
Exploits: 0 | References: 1
Tenable Nessus
added 2025/11/05 12:0 a.m., 2 views

Lexmark Printers 7PK - Security Features (CVE-2019-10059)

The legacy finger service TCP port 79 is enabled by default on various older Lexmark devices. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVSS 5.3 | AI score 5.7 | EPSS 0.00871
Exploits: 0 | References: 2
Rosalinux
added 2025/10/27 6:19 a.m., 7 views

Advisory ROSA-SA-2025-3037

Software: postgresql14 14.18 OS: rosa-server79 unaffected versions = postgresql14-14.18-1PGDG.res7 affected versions postgresql14-14.18-1PGDG.res7 CVE-ID: CVE-2023-5869 BDU-ID: 2023-07840 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the arrayappend, arrayprepend, and arraysubscripthandler functio...

CVSS 8.8 | AI score 8.9 | EPSS 0.89472
Exploits: 11
CVE
added 2025/10/14 9:18 p.m., 14 views

CVE-2025-54272

CVE-2025-54272 is a stored XSS vulnerability in Adobe Experience Manager (AEM) 11.6 and earlier. The issue allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, with JavaScript potentially executing in a victim’s browser when loading a page containing the affec...

CVSS 5.4 | AI score 5 | EPSS 0.00217
Exploits: 0 | References: 1 | Affected Software: 1
Tenable Nessus
added 2025/09/19 12:0 a.m., 2 views

Fedora 41 : gh (2025-24e111e6f1)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-24e111e6f1 advisory. Update to 2.79.0. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

AI score 5.6
Exploits: 0 | References: 1
CVE
added 2025/09/09 7:14 p.m., 12 views

CVE-2025-55054

CVE-2025-55054 is a CWE-79 Cross-site Scripting flaw: improper neutralization of input during web page generation leads to XSS. Connected data cites Baicells EG7035E-M11 (BaiCE_BM_2.5.26_NA) as affected, indicating a web-facing input handling weakness. The documents do not provide explicit exploi...

CVSS 6.1 | AI score 6 | EPSS 0.00181
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 10:29 a.m., 7 views

CVE-2024-43797

audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries or access only the ones they have permission to. However, the LibraryController is missing the check for admin user and thus allows a path traversal issue. Allowing non-admin users to...

CVSS 6.3 | AI score 6.8 | EPSS 0.00546
Exploits: 1
RedhatCVE
added 2025/05/23 3:14 a.m., 3 views

CVE-2023-22277

Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314...

CVSS 7.8 | AI score 7.4 | EPSS 0.00236
Exploits: 0 | References: 1