Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2025/04/30 4:53 p.m.16 views

org.xwiki.contrib.markdown:syntax-markdown-commonmark12 vulnerable to XSS via Markdown content

Impact The Markdown syntax is vulnerable to XSS through HTML. In particular, using Markdown syntax, it's possible for any user to embed Javascript code that will then be executed on the browser of any other user visiting either the document or the comment that contains it. In the instance that th...

9CVSS6AI score0.00392EPSS
Exploits1References5Affected Software1
AlmaLinux
AlmaLinux
added 2025/02/20 12:0 a.m.14 views

Important: libpq security update

The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes: postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 For more details about the security...

8.1CVSS8.3AI score0.89472EPSS
Exploits10References4
FreeBSD
FreeBSD
added 2023/10/31 12:0 a.m.35 views

Gitlab -- Vulnerabilities

Gitlab reports: Disclosure of CI/CD variables using Custom project templates GitLab omnibus DoS crash via OOM with CI Catalogs Parsing gitlab-ci.yml with large string via timeout input leads to Denial of Service DoS - Blocking FIFO files in Tar archives Titles exposed by service-desk template...

8.5CVSS5.9AI score0.00643EPSS
Exploits1References1
Prion
Prion
added 2021/11/24 4:15 p.m.20 views

Input validation

Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive...

3.5CVSS5.2AI score0.00926EPSS
Exploits0References4Affected Software8
BDU FSTEC
BDU FSTEC
added 2021/04/21 12:0 a.m.4 views

The vulnerability of the syntax analysis function for domain name records in the Simotics Connect 400 software and hardware suite allows a perpetrator to cause service interruptions.

The vulnerability of the syntax analysis function for DNS domain names in the Simotics Connect 400 software and hardware suite is related to errors that occur when a line or array is terminated with the NULL character. Exploiting this vulnerability could allow an attacker to cause service...

6.5CVSS6.5AI score0.03572EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2019/06/07 5:29 p.m.17 views

Cross site scripting

admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php...

3.5CVSS5.2AI score0.00933EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder