Lucene search
K

25 matches found

NVD
NVD
added 2026/06/22 7:17 p.m.11 views

CVE-2026-54298

Astro is a web framework. Prior to 6.4.6, the spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolates the key into the HTML output without escaping. When a developer uses the spread syntax ...props ...

6.1CVSS0.0016EPSS
Exploits1References1
CVE
CVE
added 2026/06/22 5:33 p.m.22 views

CVE-2026-54299

Summary of CVE-2026-54299 (Astro) : Astro SSR apps that prerender error pages (e.g., 404/500 with prerender = true) fetch those pages over HTTP using a URL derived from request.url, which is based on the Host header. If Host is not validated against allowedDomains, an attacker can direct the fetc...

7.5CVSS6AI score0.00196EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/22 5:33 p.m.12 views

CVE-2026-54298

Astro, prior to 6.4.6, is vulnerable to XSS via unescaped attribute names when spreading props onto HTML elements. The spreadAttributes path iterates over object keys and passes them to addAttribute, which interpolates the key into the HTML output without escaping, allowing attackers to inject ev...

6.1CVSS6AI score0.0016EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/06/16 2:57 p.m.4 views

NPM: Astro: XSS via Unescaped Attribute Names in Spread Props

NPM: Astro: XSS via Unescaped Attribute Names in Spread Props vulnerability discovered by ? in WordPress Npm astro versions 6.4.6...

6.1CVSS5.8AI score0.0016EPSS
Exploits1References2Affected Software1
Circl
Circl
added 2026/06/16 5:0 a.m.8 views

CVE-2026-0646

creationtimestamp| type| source ---|---|--- 2026-06-16 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-05 2026-06-16 16:12:33+00:00| seen| https://bsky.app/profile/boredchilada.bsky.social/post/3mog6uxnajr2d 2026-06-16 17:25:57+00:00| seen|...

8.7CVSS4.9AI score0.00343EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.10 views

CVE-2026-53698

Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set...

6.5CVSS5.5AI score0.00327EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 12:0 a.m.6 views

CVE-2026-53698

Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set...

6.5CVSS5.4AI score0.00327EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.12 views

CVE-2026-30139

A reflected cross-site scripting XSS vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in the context of a user's browser via crafted input...

6.1CVSS5.6AI score0.00188EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

Silverpeas Core 跨站脚本漏洞

Silverpeas Core is an open-source project developed by Silverpeas, used for building and running collaborative and social web portals. Versions of Silverpeas Core prior to 6.4.6 contained a cross-site scripting vulnerability. This vulnerability stemmed from the AdvancedSearch feature having...

6.1CVSS5.9AI score0.00188EPSS
Exploits1References1
CVE
CVE
added 2026/04/22 12:0 a.m.14 views

CVE-2026-30139

Silverpeas Core prior to 6.4.6 is affected by a reflected XSS in the AdvancedSearch functionality. Crafted input can execute arbitrary JavaScript in the context of a user’s browser. The description identifies the vulnerable component and version, but does not provide remediation steps or affected...

6.1CVSS5.9AI score0.00188EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/22 12:0 a.m.2 views

CVE-2026-30139

A reflected cross-site scripting XSS vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in the context of a user's browser via crafted input...

6.1CVSS5.9AI score0.00188EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2025/11/25 4:7 p.m.5 views

Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.6 Security Update

New Red Hat build of Keycloak 26.4.6 packages are available from the Customer Portal Red Hat build of Keycloak 26.4.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security fixes...

5.5CVSS6.1AI score0.00399EPSS
Exploits0References1
Snyk
Snyk
added 2025/05/19 12:0 a.m.1 views

Missing Authentication for Critical Function

Overview org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to improperly locating method security annotations on private...

9.3CVSS6.8AI score0.00535EPSS
Exploits0References2
OSV
OSV
added 2024/11/12 4:15 p.m.5 views

CVE-2024-50331

An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory...

7.5CVSS5.8AI score0.01074EPSS
Exploits0References1
OSV
OSV
added 2024/11/12 4:15 p.m.5 views

CVE-2024-50317

A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service...

7.5CVSS5.8AI score0.01113EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.5 views

Ivanti Avalanche 安全漏洞

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability previously existed in Ivanti Avalanche version 6.4.6, which stemmed from the inclusion of ...

7.5CVSS6.3AI score0.01113EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.4 views

Ivanti Avalanche 安全漏洞

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability previously existed in Ivanti Avalanche version 6.4.6, which stemmed from the inclusion of ...

7.5CVSS6.3AI score0.01113EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/17 12:0 a.m.4 views

PT-2024-8641 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche versions prior to 6.4.6 Description: A null pointer dereference in Ivanti Avalanche allows a remote unauthenticated attacker to cause a denial of service. This issue is related to the system management of mobile devices and c...

7.8CVSS7.4AI score0.01113EPSS
Exploits0References10
vulnersOsv
vulnersOsv
added 2022/12/13 3:30 p.m.7 views

ai.idylnlp:idylnlp-nlp-language-detection-tika (>=1.0.0 <=1.1.0), ai.stainless:grails-tika (=0.1.0) +2685 more potentially affected by CVE-2022-46363 via org.apache.cxf:cxf-core (>=3.0.0-milestone1 <=3.4.1)

org.apache.cxf:cxf-core MAVEN version =3.0.0-milestone1, =1.0.0, =11.4-37, =3.6.1, =3.11.0, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.1.0.RELEASE - cloud.testload:jmeter-clickhouse-listener =2.00 and more Source cves: CVE-2022-46363 Source...

7.5CVSS6.5AI score0.01193EPSS
Exploits1
CNNVD
CNNVD
added 2022/07/28 12:0 a.m.23 views

Automattic Mongoose 安全漏洞

Automattic Mongoose is a MongoDB object modeling tool for asynchronous environments. A security vulnerability exists in Automattic Mongoose versions prior to 6.4.6, which stems from the Schema.path function being susceptible to prototype contamination when setting up schema objects, which can be...

9.8CVSS7.1AI score0.32676EPSS
Exploits1References5
Rows per page
Query Builder