
19106 matches found

NVD
added 2026/04/02 7:21 p.m. | 2 views

CVE-2026-5429

Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damaging crafted color theme name when a local user opens the workspace. This issue requires the user ...

7.8 CVSS | 0.00158 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/02 6:37 p.m. | 1 view

CVE-2026-5429 Kiro IDE Webview Cross-Site Scripting via Workspace Color Theme

Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damaging crafted color theme name when a local user opens the workspace. This issue requires the user ...

7.8 CVSS | 6.2 AI score | 0.00158 EPSS
Exploits: 0 | References: 2

CVE
added 2026/04/02 6:37 p.m. | 11 views

CVE-2026-5429

The CVE concerns Kiro IDE’s Kiro Agent webview (pre-0.8.140). An unsanitized input path during web page generation permits a remote, unauthenticated attacker to execute arbitrary code by crafting a harmful color theme name when a local user opens a workspace. The issue relies on the user trusting...

7.8 CVSS | 6.2 AI score | 0.00158 EPSS
Exploits: 0 | References: 2

Cvelist
added 2026/04/02 6:37 p.m. | 19 views

CVE-2026-5429 Kiro IDE Webview Cross-Site Scripting via Workspace Color Theme

Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damaging crafted color theme name when a local user opens the workspace. This issue requires the user ...

7.8 CVSS | 0.00158 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/02 6:37 p.m. | 1 view

CVE-2026-5429

Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damaging crafted color theme name when a local user opens the workspace. This issue requires the user ...

7.8 CVSS | 6.2 AI score | 0.00158 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

RedhatCVE
added 2026/04/02 10:53 a.m. | 7 views

CVE-2026-1879

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

6.5 CVSS | 6.2 AI score | 0.00257 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/02 12:0 a.m. | 6 views

PT-2026-29886

Name of the Vulnerable Software and Affected Versions Kiro IDE versions prior to 0.8.140 Description An issue exists in the Kiro Agent webview within Kiro IDE, prior to version 0.8.140, where unsanitized input during web page generation can allow a remote, unauthenticated attacker to execute...

7.8 CVSS | 5.8 AI score | 0.00158 EPSS
Exploits: 0 | References: 5

Packet Storm News
added 2026/04/02 12:0 a.m. | 23 views

WPProbe Plugin Enumeration Tool 0.11.4

A fast WordPress plugin and theme scanner that detects installed plugins via REST API enumeration and themes from HTML discovery, then maps them to known vulnerabilities. Over 5,000 plugins detectable without brute-force, thousands more with it...

5.9 AI score
Exploits: 0

CNNVD
added 2026/04/02 12:0 a.m. | 5 views

Kiro IDE Security Vulnerability

Kiro IDE is an integrated development environment developed by Kiro as open source. Versions of Kiro IDE prior to 0.8.140 contained security vulnerabilities. These vulnerabilities stemmed from uncleaned inputs during the webview generation in the Kiro Agent, which could allow remote, unverified...

7.8 CVSS | 6.2 AI score | 0.00158 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/04/01 10:3 p.m. | 7 views

EUVD-2026-18074

CI4MS: System Settings Company Information Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS...

4.7 CVSS | 5.8 AI score | 0.00274 EPSS
Exploits: 1 | References: 2

EUVD
added 2026/04/01 12:31 p.m. | 5 views

EUVD-2026-17851

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

6.5 CVSS | 6.2 AI score | 0.00257 EPSS
Exploits: 0 | References: 6

NVD
added 2026/04/01 10:16 a.m. | 6 views

CVE-2026-1879

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

6.5 CVSS | 0.00257 EPSS
Exploits: 0 | References: 5

Cvelist
added 2026/04/01 10:0 a.m. | 31 views

CVE-2026-1879 Harvard University IQSS Dataverse Theme Customization ThemeAndWidgets.xhtml unrestricted upload

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

6.5 CVSS | 0.00257 EPSS
Exploits: 0 | References: 5

ATTACKERKB
added 2026/04/01 10:0 a.m. | 2 views

CVE-2026-1879

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

6.5 CVSS | 6.2 AI score | 0.00257 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Vulnrichment
added 2026/04/01 10:0 a.m. | 2 views

CVE-2026-1879 Harvard University IQSS Dataverse Theme Customization ThemeAndWidgets.xhtml unrestricted upload

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

6.5 CVSS | 6.2 AI score | 0.00257 EPSS
Exploits: 0 | References: 5

CVE
added 2026/04/01 10:0 a.m. | 6 views

CVE-2026-1879

CVE-2026-1879 affects Harvard IQSS Dataverse (up to 6.8) in the Theme Customization component, specifically the ThemeAndWidgets.xhtml file. A manipulation of the argument uploadLogo enables unrestricted file upload, enabling remote exploitation. The exploit is public, and upgrading to version 6.1...

6.5 CVSS | 6.2 AI score | 0.00257 EPSS
Exploits: 0 | References: 5

RedhatCVE
added 2026/04/01 5:0 a.m. | 8 views

CVE-2026-30940

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...

7.2 CVSS | 6.5 AI score | 0.01049 EPSS
Exploits: 1 | References: 1

EUVD
added 2026/04/01 12:9 a.m. | 7 views

EUVD-2026-17214

CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS...

9.1 CVSS | 5.8 AI score | 0.00307 EPSS
Exploits: 1 | References: 2

Positive Technologies
added 2026/04/01 12:0 a.m. | 5 views

PT-2026-29634

Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.31.0.0 Description The application does not immediately revoke active user sessions when an account is deleted. This is due to a logic flaw where account state changes are only enforced during login, not for existing...

10 CVSS | 5.9 AI score | 0.00502 EPSS
Exploits: 1 | References: 7

Positive Technologies
added 2026/04/01 12:0 a.m. | 8 views

PT-2026-29508

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

6.5 CVSS | 5.5 AI score | 0.00257 EPSS
Exploits: 0 | References: 6