Lucene search
K

113 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/22 1:18 p.m.4 views

CVE-2026-9029

A user with Editor permissions can place a malicious script in the attribution field of a Geomap panel's XYZ tile layer via a template variable. The script then executes in the browser of any user who views the affected dashboard stored cross-site scripting...

7.3CVSS6AI score0.0025EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/22 1:18 p.m.6 views

CVE-2026-9029

A user with Editor permissions can place a malicious script in the attribution field of a Geomap panel's XYZ tile layer via a template variable. The script then executes in the browser of any user who views the affected dashboard stored cross-site scripting...

7.3CVSS6AI score0.0025EPSS
Exploits0
CVE
CVE
added 2026/06/22 1:18 p.m.77 views

CVE-2026-9029

CVE-2026-9029 affects Grafana’s Geomap panel (XYZ tile layer) where sanitizeTextPanelContent() runs on the raw template string before variable substitution via getTemplateSrv().replace(), allowing an Editor to inject an XSS payload into a textbox variable default value that executes for all dashb...

7.3CVSS6AI score0.0025EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/22 1:18 p.m.7 views

EUVD-2026-38243

The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent runs on the raw template string before getTemplateSrv.replace substitutes the variable value, which uses the glob format with no HTML escaping. The result is passed to OpenLayers via...

7.3CVSS6.7AI score0.1546EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/05 9:30 p.m.4 views

EUVD-2019-20065

River Past Ringtone Converter 2.7.6.1601 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to activation fields. Attackers can paste 300 bytes of data into the Email textbox and Activation code textarea via the Help menu's...

6.9CVSS6.2AI score0.00191EPSS
Exploits1References4
NVD
NVD
added 2026/04/05 9:16 p.m.4 views

CVE-2019-25665

River Past Ringtone Converter 2.7.6.1601 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to activation fields. Attackers can paste 300 bytes of data into the Email textbox and Activation code textarea via the Help menu's...

6.9CVSS0.00191EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/05 8:45 p.m.3 views

CVE-2019-25661 Remote Process Explorer 1.0.0.16 Local Buffer Overflow DoS

Remote Process Explorer 1.0.0.16 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by sending a crafted payload to the Add Computer dialog. Attackers can paste a malicious string into the computer name textbox and trigger a crash by connecting to th...

6.9CVSS6.2AI score0.00146EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.13 views

PT-2026-30474

River Past Ringtone Converter 2.7.6.1601 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to activation fields. Attackers can paste 300 bytes of data into the Email textbox and Activation code textarea via the Help menu's...

6.9CVSS6.2AI score0.00191EPSS
Exploits1References4
OSV
OSV
added 2026/02/12 11:16 p.m.4 views

CVE-2019-25321

FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler SEH registers. Attackers can craft a malicious payload that triggers a buffer overflow when pasted into the Custom Command textbox, enabling remot...

9.8CVSS6.8AI score0.00669EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/12 10:48 p.m.3 views

CVE-2019-25321

FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler SEH registers. Attackers can craft a malicious payload that triggers a buffer overflow when pasted into the Custom Command textbox, enabling remot...

9.8CVSS7.1AI score0.00669EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/02/12 10:48 p.m.14 views

CVE-2019-25321

CVE-2019-25321 affects FTP Navigator 8.03, where a stack overflow can be triggered by crafting a payload into the Custom Command textbox, allowing an attacker to overwrite Structured Exception Handler (SEH) registers and execute arbitrary code. The PoC demonstrates remote code execution, with a c...

9.8CVSS7.1AI score0.00669EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/12 10:48 p.m.2 views

CVE-2019-25321 FTP Navigator 8.03 - Stack Overflow (SEH)

FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler SEH registers. Attackers can craft a malicious payload that triggers a buffer overflow when pasted into the Custom Command textbox, enabling remot...

9.8CVSS7.1AI score0.00669EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/12 10:48 p.m.30 views

CVE-2019-25321 FTP Navigator 8.03 - Stack Overflow (SEH)

FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler SEH registers. Attackers can craft a malicious payload that triggers a buffer overflow when pasted into the Custom Command textbox, enabling remot...

9.8CVSS0.00669EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.9 views

PT-2026-7921

FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler SEH registers. Attackers can craft a malicious payload that triggers a buffer overflow when pasted into the Custom Command textbox, enabling remot...

9.8CVSS7.1AI score0.00669EPSS
Exploits1References5
EUVD
EUVD
added 2026/02/01 12:56 p.m.5 views

EUVD-2022-55945

Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction...

6.4CVSS5.9AI score0.00243EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:54 a.m.9 views

CVE-2020-23710

Cross Site Scripting XSS vulneraiblity in LimeSurvey 4.2.5 on textbox via the Notifications & data feature...

5.4CVSS6.1AI score0.00552EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-16451

Malware in sbrugna...

5.4CVSS5.5AI score0.00552EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-17830

Malware in sbrugna...

4.8CVSS5.1AI score0.0067EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 9:53 a.m.8 views

CVE-2011-1845

Multiple memory leaks in the DataGrid control implementation in Microsoft Silverlight 4 before 4.0.60310.0 allow remote attackers to cause a denial of service memory consumption via an application involving 1 subscriptions to an INotifyDataErrorInfo.ErrorsChanged event or 2 a TextBlock or TextBox...

7.8CVSS6.9AI score0.12218EPSS
Exploits0References1
Veracode
Veracode
added 2024/09/25 6:56 a.m.11 views

Cross-site Scripting (XSS)

aim is vulnerable to Cross-site Scripting XSS. The vulnerability is due to its us of dangerouslySetInnerHTML in the textbox component of the web UI. An attacker can inject scripts which will be executed when a user accesses the text explorer feature...

5.4CVSS6.2AI score0.0047EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder