Lucene search
K

393 matches found

CVE
CVE
added 6 hours ago7 views

CVE-2026-15677

The CVE-2026-15677 entry concerns code-projects Online Job Portal 1.0. Affected component: /JobSeekerInsert.php. Issue: manipulating the argument txtFile allows unrestricted upload, with the attack executable remotely and the exploit publicly available. Impact is described as unrestricted file up...

7.5CVSS6.8AI score
Exploits0References6
NVD
NVD
added 2026/07/01 5:16 p.m.8 views

CVE-2026-34097

Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in textfile.php lines 94, 101, 323, 403, 826, 852. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS0.00147EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 4:11 p.m.7 views

EUVD-2026-41058

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in textfile.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:11 p.m.14 views

CVE-2026-34101

Guardian Language-System is affected by an unauthenticated-looking but described as requiring authentication in the text: it passes the id GET parameter directly into an unsanitized SQL query in text_file.php (line 17), enabling error-based SQL injection to extract database contents. The vulnerab...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 4:11 p.m.30 views

CVE-2026-34101 Guardian Language-System Unauthenticated SQL Injection via id Parameter in text_file.php

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in textfile.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract...

9.8CVSS0.00373EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 4:2 p.m.31 views

CVE-2026-34097 Guardian Language-System XSS via id Parameter in text_file.php

Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in textfile.php lines 94, 101, 323, 403, 826, 852. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS0.00147EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 4:2 p.m.8 views

EUVD-2026-41053

Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in textfile.php lines 94, 101, 323, 403, 826, 852. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:2 p.m.7 views

CVE-2026-34097

Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in textfile.php lines 94, 101, 323, 403, 826, 852. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 4:2 p.m.19 views

CVE-2026-34097

CVE-2026-34097 concerns Guardian Language-System. The vulnerability arises because text_file.php fails to sanitize the GET parameter id before it is inserted into multiple HTML form action attributes (lines 94, 101, 323, 403, 826, 852). This allows an authenticated attacker to craft a URL that in...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:13 p.m.9 views

EUVD-2026-38439

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...

5.8AI score0.00257EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49350

Unauthenticated Cross Site Scripting XSS in iRobots.txt SEO = 1.1.2 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of the view/update.php script, which read $POSTupdateFile as a relative path under the...

6.9CVSS5.8AI score0.00469EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/25 2:15 p.m.9 views

CVE-2018-25378 Notebook Pro 2.0 Denial of Service via Notebook Name Field

Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Attackers can create a malicious text file containing 500 or more characters, paste the content into the New Noteboo...

6.9CVSS5.8AI score0.00136EPSS
Exploits0References2
CVE
CVE
added 2026/05/25 2:15 p.m.28 views

CVE-2018-25378

Notebook Pro 2.0 is affected by a local denial-of-service vulnerability in the New Notebook Name field. An attacker can crash the application by supplying a string of 500+ characters, e.g., via a crafted text file pasted into the name field and attempting to create/save the notebook. The vulnerab...

6.9CVSS5.8AI score0.00136EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 6:31 p.m.7 views

GHSA-FVHG-P4HF-79X3 @cyntler/react-doc-viewer's TXTRenderer fails to sanitize file content and explicitly casts raw data as a ReactNode

Cross-Site Scripting XSS vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode...

6.1CVSS5.9AI score0.00298EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/20 6:31 p.m.10 views

@cyntler/react-doc-viewer's TXTRenderer fails to sanitize file content and explicitly casts raw data as a ReactNode

Cross-Site Scripting XSS vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode...

6.1CVSS5.9AI score0.00298EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.10 views

react-doc-viewer 跨站脚本漏洞

react-doc-viewer is a React documentation viewer component developed by Damian Cyntler. Version 1.17.1 of react-doc-viewer contains a cross-site scripting vulnerability. This vulnerability arises from the TXTRenderer component failing to clean up file content and explicitly converting raw data in...

6.1CVSS5.9AI score0.00298EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.11 views

PT-2026-42214

Name of the Vulnerable Software and Affected Versions @cyntler/react-doc-viewer version 1.17.1 Description A Cross-Site Scripting XSS issue exists where remote attackers can execute arbitrary JavaScript by using a crafted .txt file. This occurs because the TXTRenderer component does not sanitize...

6.1CVSS6AI score0.00298EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/20 12:0 a.m.9 views

CVE-2026-30691

Cross-Site Scripting XSS vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode...

6.1CVSS6.1AI score0.00298EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/20 12:0 a.m.40 views

CVE-2026-30691

Cross-Site Scripting XSS vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode...

0.00298EPSS
Exploits0References2
Rows per page
Query Builder