Lucene search
K

121 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:41 p.m.8 views

CVE-2022-2838

In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests...

5.3CVSS7.2AI score0.00455EPSS
Exploits0References1
Rockylinux
Rockylinux
added 2025/05/07 7:13 p.m.7 views

python-sphinx bug fix and enhancement update

An update is available for python-sphinx. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linu...

6.8AI score
Exploits0
NVD
NVD
added 2025/01/24 11:15 a.m.21 views

CVE-2025-23734

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Casey Bisson Gigaom Sphinx go-sphinx allows Reflected XSS.This issue affects Gigaom Sphinx: from n/a through = 0.1...

7.1CVSS0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/24 10:52 a.m.16 views

CVE-2025-23734 WordPress Gigaom Sphinx plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Casey Bisson Gigaom Sphinx go-sphinx allows Reflected XSS.This issue affects Gigaom Sphinx: from n/a through = 0.1...

7.1CVSS0.0022EPSS
Exploits0References1
CVE
CVE
added 2025/01/24 10:52 a.m.56 views

CVE-2025-23734

CVE-2025-23734 — Reflected XSS in NotFound Gigaom Sphinx WordPress plugin (go-sphinx) up to version 0.1 due to improper input neutralization during web page generation. Impact: potential script execution in victims’ browsers. Affected: Gigaom Sphinx plugin (WordPress). Remediation: upgrade to a v...

7.1CVSS7.2AI score0.0022EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/24 10:52 a.m.5 views

CVE-2025-23734 WordPress Gigaom Sphinx plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Casey Bisson Gigaom Sphinx go-sphinx allows Reflected XSS.This issue affects Gigaom Sphinx: from n/a through = 0.1...

7.1CVSS7.2AI score0.0022EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/24 12:0 a.m.5 views

WordPress plugin Gigaom Sphinx 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS7.7AI score0.0022EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/01/16 6:42 p.m.4 views

WordPress Gigaom Sphinx plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Gigaom Sphinx versions = 0.1...

7.1CVSS6.1AI score0.0022EPSS
Exploits0Affected Software1
SUSE Linux
SUSE Linux
added 2024/12/03 11:12 a.m.1 views

Security update for python310

This update for python310 fixes the following issues: CVE-2024-11168: improper validation of IPv6 and IPvFuture addresses. bsc1233307 Bug fixes: Remove -IVendor/ from python-config. bsc1231795 Include renaming :noindex: option to :no-index: in Sphinx 7.2. bsc1232750 Patch Instructions: To install...

6.3CVSS6.6AI score0.0067EPSS
Exploits0References8
OSV
OSV
added 2024/12/03 11:12 a.m.10 views

SUSE-SU-2024:4153-1 Security update for python310

This update for python310 fixes the following issues: - CVE-2024-11168: improper validation of IPv6 and IPvFuture addresses. bsc1233307 Bug fixes: - Remove -IVendor/ from python-config. bsc1231795 - Include renaming :noindex: option to :no-index: in Sphinx 7.2. bsc1232750...

6.3CVSS4.4AI score0.0067EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/11/06 6:46 p.m.4 views

Malicious code in sphinx-rdt-theme (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8397635bb7a7130efa3b0f3b924fbb3b61c66ab82baedef14452ded787f4e00a A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

7.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/11/06 6:46 p.m.4 views

Malicious code in sphinx-rtd-themes (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1933e78b1c1cac28d6c11543982037a14a670072822edf7efeba506a880e47a6 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

7.1AI score
Exploits0References1
OSV
OSV
added 2024/11/06 6:46 p.m.3 views

MAL-2024-10730 Malicious code in sphinx-rdt-theme (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8397635bb7a7130efa3b0f3b924fbb3b61c66ab82baedef14452ded787f4e00a A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

7AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2024/09/06 7:51 p.m.6 views

andeplane-pyodide-kernel (>=0.0.7 <=0.0.12), here-search-demo (>=0.9.0 <=0.9.1) +8 more potentially affected by unknown CVE via jupyterlite-core (>=0.1.2 <=0.4.0rc0)

jupyterlite-core PYPI version =0.1.2, =0.0.7, =0.9.0, =0.0.4, =0.10.0, =0.1.0, =0.9.6, =0.3.0, =0.6.0, =0.6.1 Source cves: unknown CVE Source advisory: OSV:GHSA-GJ55-2XF9-67RQ...

5.8AI score
Exploits0
Redos
Redos
added 2024/06/26 12:0 a.m.25 views

ROS-20240626-12

A vulnerability in the Sphinx search engine is related to a path traversal error. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to the protected information using the CALL SNIPPETS statement or the loadfile function...

7.5CVSS7AI score0.02166EPSS
Exploits2
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:42 p.m.6 views

Malicious code in sphinx-rtd-theme-cilium (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/06/25 1:42 p.m.6 views

MAL-2024-6033 Malicious code in sphinx-rtd-theme-cilium (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/05/28 12:0 a.m.34 views

Oracle Linux 8 : python27:2.7 (ELSA-2024-2987)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2987 advisory. - Fix CVE-2021-20095 Resolves: rhbz1955615 - Fix CVE-2019-6446 - Fix CVE-2014-1858, CVE-2014-1859: 1062009, 1062359 - Security fix for CVE-2022-48560...

9.8CVSS7.3AI score0.17078EPSS
Exploits16References6
vulnersOsv
vulnersOsv
added 2024/01/16 8:48 p.m.4 views

django-ndr-core (>=0.8.0 <=0.22.2), nlpboost (=0.0.1) +1 more potentially affected by unknown CVE via readthedocs-sphinx-search (>=0.1.2 <=0.3.1)

readthedocs-sphinx-search PYPI version =0.1.2, =0.8.0, =0.22.2 - nlpboost =0.0.1 - sphinx-godot-theme =0.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-XGFM-FJX6-62MJ...

5.5AI score
Exploits0
OSV
OSV
added 2024/01/16 8:48 p.m.2 views

GHSA-XGFM-FJX6-62MJ readthedocs-sphinx-search vulnerable to cross-site scripting when including search results from malicious projects

Impact This vulnerability could have allowed an attacker to include arbitrary HTML content in search results by having a user search a malicious project. This was due to our search client not correctly escaping all user content from search results. You can find more information in the advisory...

6.3CVSS5.9AI score
Exploits0References3
Rows per page
Query Builder