Lucene search
+L

18 matches found

cvelist
cvelist
added 2026/04/21 4:8 p.m.36 views

CVE-2026-40568 FreeScout Vulnerable to XSS via Mailbox Signature Due to Incomplete HTML Sanitization

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting XSS vulnerability in the mailbox signature feature. The sanitization function Helper::stripDangerousTags app/Misc/Helper.php:568 uses an incomplete blocklist of only four HTM...

8.5CVSS0.00238EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/04/21 4:8 p.m.7 views

CVE-2026-40568

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting XSS vulnerability in the mailbox signature feature. The sanitization function Helper::stripDangerousTags app/Misc/Helper.php:568 uses an incomplete blocklist of only four HTM...

8.5CVSS5.8AI score0.00238EPSS
Exploits0References4Affected Software1
cnnvd
cnnvd
added 2026/04/21 12:0 a.m.13 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.213 contained security vulnerabilities. These vulnerabilities stemmed from the Helper::stripDangerousTags function used in the...

8.5CVSS5.9AI score0.00238EPSS
Exploits0References1
freebsd
freebsd
added 2026/03/31 12:0 a.m.12 views

Mbed TLS -- vulnerabilities

https://mbed-tls.readthedocs.io/en/latest/security-advisories/ reports: Client impersonation while resuming a TLS 1.3 session CVE-2026-34873 Entropy on Linux can fall back to /dev/urandom CVE-2026-34871 PSA random generator cloning CVE-2026-25835 Compiler-induced constant-time violations...

9.8CVSS5.9AI score0.00426EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-15418

Malware in sbrugna...

7.5CVSS7.5AI score0.00313EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2009-2367

Malware in sbrugna...

6.5CVSS6.4AI score0.01142EPSS
Exploits0References6
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2013-5485

Malware in sbrugna...

4.3CVSS8.3AI score0.0188EPSS
Exploits2References9
nessus
nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2016-1000338

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject ext...

7.5CVSS6.4AI score0.0186EPSS
Exploits0References2
snyk
snyk
added 2025/02/18 7:25 p.m.3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to improper validation of SAML response signatures which allows an attacker to inject a malicious, signed XML element as the first signature, bypassing proper verification and enabling impersonation of any SPID or...

9.3CVSS7AI score0.0056EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2023/01/20 12:0 a.m.9 views

CVE-2020-22653

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 SCG200 before 3.6.2.0.795, SmartZone 100 SZ-100 before 3.6.2.0.795, SmartZone 300 SZ300 before 3.6.2.0.795, Virtua...

9.6AI score0.00455EPSS
Exploits0References2
cnnvd
cnnvd
added 2022/11/30 12:0 a.m.3 views

Open-Xchange OX App Suite 跨站脚本漏洞

Open-Xchange OX App Suite is an e-mail and productivity suite client software from the German company Open-Xchange. A security vulnerability exists in Open-Xchange OX App Suite version 7.10.6 and earlier, which stems from the fact that certain content such as E-Mail signatures are stored using a...

6.1CVSS6.3AI score0.00538EPSS
Exploits2References5
osv
osv
added 2018/10/17 4:23 p.m.1 views

GHSA-4VHJ-98R6-424H In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...

7.5CVSS6.8AI score0.0186EPSS
Exploits0References11
github
github
added 2018/10/17 4:23 p.m.75 views

In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...

7.5CVSS3.1AI score0.0186EPSS
Exploits0References11Affected Software3
redhat
redhat
added 2018/10/16 5:38 p.m.4 views

bouncycastle: ECDSA improper validation of ASN.1 encoding of signature

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...

7.5CVSS7.2AI score0.01796EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2018/06/04 12:0 a.m.9 views

PT-2018-4636 · Bouncy Castle +3 · Bouncy Castle Jce Provider +3

Name of the Vulnerable Software and Affected Versions: Bouncy Castle JCE Provider versions 1.55 and earlier Description: The issue concerns the validation of ASN.1 encoding of signatures. Specifically, it does not fully validate the encoding on verification, allowing potential injection of extra...

9.8CVSS6.5AI score0.24282EPSS
Exploits1References90
osv
osv
added 2017/10/13 5:29 p.m.7 views

CVE-2017-10620

Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected...

7.4CVSS5.8AI score0.00566EPSS
Exploits0References1
attackerkb
attackerkb
added 2013/08/29 12:7 p.m.3 views

CVE-2013-5645

Multiple cross-site scripting XSS vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in 1 new or 2 draft mode, related to compose.inc; and 3 might allow remote authenticated users to injec...

4.3CVSS5.4AI score0.0188EPSS
Exploits2References6
prion
prion
added 2007/12/15 1:46 a.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in modificarPerfil.php in JLMForo System allows remote authenticated users to inject arbitrary web script or HTML via a signature...

4.3CVSS5.6AI score0.01022EPSS
Exploits0References3
Rows per page
Query Builder