Lucene search
K

1290 matches found

Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-43990

IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of Guardium Data Protection named "Long Term Retention" LTR can expose sensitive credentials in debug mode...

6.5CVSS5.8AI score0.00228EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

IBM Guardium Data Protection 信息泄露漏洞

IBM Guardium Data Protection is a comprehensive data security platform developed by the American company International Business Machines IBM. Versions 12.2.1 and 12.2.2 of IBM Guardium Data Protection contain information leakage vulnerabilities. These vulnerabilities stem from the Long Term...

6.5CVSS5.8AI score0.00228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 11:16 a.m.19 views

CVE-2026-4093

A flaw was found in the Drupal 7 Term Reference Tree module. This vulnerability, a type of stored Cross-Site Scripting XSS, allows an authenticated attacker with permissions to edit or create taxonomy terms to inject malicious scripts. These scripts can execute when a user views a form containing...

5.4CVSS5.8AI score0.00172EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.13 views

Debian dla-4600 : python3-django-postorius - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4600 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4600-1 [email protected] https://www.debian.org/lts/security/...

7.2CVSS5.8AI score0.00237EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/22 12:31 a.m.10 views

EUVD-2026-31381

Simple Hierarchical Select SHS for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output shsfieldformatterview and term-tree child-term data generation shstermgetchildren. Malicious taxonomy term...

5.1CVSS5.6AI score0.00205EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/22 12:31 a.m.10 views

EUVD-2026-31377

In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A token display templates: When the Token module is enabled and token display templates are configured, attacker-controlled token output e.g., term description is rendered...

5.1CVSS5.8AI score0.00172EPSS
Exploits1References3
NVD
NVD
added 2026/05/21 10:16 p.m.13 views

CVE-2026-4929

Simple Hierarchical Select SHS for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output shsfieldformatterview and term-tree child-term data generation shstermgetchildren. Malicious taxonomy term...

5.4CVSS0.00205EPSS
Exploits1References3
NVD
NVD
added 2026/05/21 10:16 p.m.14 views

CVE-2026-4093

In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A token display templates: When the Token module is enabled and token display templates are configured, attacker-controlled token output e.g., term description is rendered...

5.4CVSS0.00172EPSS
Exploits1References2
CVE
CVE
added 2026/05/21 9:50 p.m.20 views

CVE-2026-4093

CVE-2026-4093 is a stored XSS in the Drupal 7 Term Reference Tree module affecting versions up to and including 7.x-1.11. Two vectors are described: Vector A (token display templates): attacker-controlled token output (e.g., term description) is rendered without proper sanitization when the Token...

5.4CVSS5.8AI score0.00172EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/05/21 9:50 p.m.32 views

CVE-2026-4093 Stored XSS in Drupal 7 Term Reference Tree module (token display templates and term labels)

In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A token display templates: When the Token module is enabled and token display templates are configured, attacker-controlled token output e.g., term description is rendered...

5.1CVSS0.00172EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/21 9:50 p.m.7 views

CVE-2026-4093 Stored XSS in Drupal 7 Term Reference Tree module (token display templates and term labels)

In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A token display templates: When the Token module is enabled and token display templates are configured, attacker-controlled token output e.g., term description is rendered...

5.1CVSS5.8AI score0.00172EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:50 p.m.6 views

CVE-2026-4093

In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A token display templates: When the Token module is enabled and token display templates are configured, attacker-controlled token output e.g., term description is rendered...

5.1CVSS5.8AI score0.00172EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/21 9:48 p.m.6 views

CVE-2026-4929 Simple Hierarchical Select (Drupal 7) XSS in term-derived output

Simple Hierarchical Select SHS for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output shsfieldformatterview and term-tree child-term data generation shstermgetchildren. Malicious taxonomy term...

5.1CVSS5.6AI score0.00205EPSS
Exploits1References2
CVE
CVE
added 2026/05/21 9:48 p.m.30 views

CVE-2026-4929

The CVE concerns Simple Hierarchical Select (SHS) for Drupal 7, where cross-site scripting is possible due to improper output escaping of term-derived text. Affected code paths include field formatter output (shs_field_formatter_view) and term-tree child-term data generation (shs_term_get_childre...

5.4CVSS5.6AI score0.00205EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/05/21 9:48 p.m.33 views

CVE-2026-4929 Simple Hierarchical Select (Drupal 7) XSS in term-derived output

Simple Hierarchical Select SHS for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output shsfieldformatterview and term-tree child-term data generation shstermgetchildren. Malicious taxonomy term...

5.1CVSS0.00205EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 2:44 p.m.13 views

Security Bulletin: IBM Guardium Data Protection is affected by Exposure of Sensitive Information vulnerability (CVE-2026-8405)

Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2026-8405 DESCRIPTION: IBM Guardium Data Protection's add-on feature of Guardium Data Protection named "Long Term Retention" LTR can expose sensitive credentials in debug mode...

6.5CVSS5.8AI score0.00228EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.13 views

PT-2026-42578

Name of the Vulnerable Software and Affected Versions Drupal 7 Term Reference Tree versions 7.x-1.x through 7.x-1.11 Description Two stored Cross-Site Scripting XSS vectors exist in the widget/formatter rendering pipeline. The first vector occurs when the Token module is enabled and token display...

5.4CVSS5.8AI score0.00172EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

Drupal 跨站脚本漏洞

Drupal is an open-source content management system developed using the PHP language by the Drupal community. Versions of Drupal 7.x-1.11 and earlier, including 7.x-1.x, have a cross-site scripting vulnerability. This vulnerability stems from the rendering pipeline of the Term Reference Tree...

5.4CVSS5.7AI score0.00172EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.12 views

PT-2026-42579

Name of the Vulnerable Software and Affected Versions Simple Hierarchical Select SHS for Drupal 7 versions 7.x-1.0 through 7.x-1.10 Description Cross-site scripting risk exists due to improper output escaping of term-derived text. Malicious taxonomy term names can be rendered unsafely depending o...

5.4CVSS5.8AI score0.00205EPSS
Exploits1References7
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Avoid scheduling in rtasosterm. It is unsafe to use rtasbusydelay to handle a busy status from the IBM,os-term RTAS function in rtasosterm: Kernel Panic – Not Syncing: Attempted to kill init! Exitcode=0x0000000b BUG...

5.5CVSS5.9AI score0.00149EPSS
Exploits0References2
Rows per page
Query Builder