Lucene search
K

7 matches found

OSV
OSV
added 2026/03/19 7:4 p.m.2 views

GHSA-HH8V-HGVP-G3F5 league/commonmark has an embed extension allowed_domains bypass

Impact The DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like youtube.com.evil passes the allowlist check when youtube.com is an allowed domain. This enabl...

6.3CVSS5.9AI score0.00241EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/09 2:52 p.m.2 views

CVE-2025-63009 WordPress WP Google Analytics Events plugin <= 2.8.2 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in yuvalo WP Google Analytics Events wp-google-analytics-events allows Retrieve Embedded Sensitive Data.This issue affects WP Google Analytics Events: from n/a through = 2.8.2...

5.3CVSS6.5AI score0.0024EPSS
Exploits0References1
NVD
NVD
added 2025/11/05 3:15 p.m.11 views

CVE-2025-47151

A type confusion vulnerability exists in the lassonodeimplinitfromxml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

9.8CVSS0.00824EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/11/05 12:0 a.m.5 views

PT-2024-39474 · WordPress · Xt Floating Cart For Woocommerce

Name of the Vulnerable Software and Affected Versions: XT Floating Cart for WooCommerce plugin for WordPress version 2.8.2 and earlier Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...

6.4CVSS6.4AI score0.00323EPSS
Exploits0References11
OSV
OSV
added 2024/07/02 9:32 p.m.4 views

GHSA-32JF-H775-G29H MongoDB Rust driver may issue unintended commands

Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...

6.4CVSS7AI score0.00277EPSS
Exploits0References6
PyPA
PyPA
added 2024/03/01 11:15 a.m.6 views

PYSEC-2024-42

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view.With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by defaul...

4.7CVSS6.5AI score0.01856EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/03/24 12:0 a.m.8 views

PT-2022-16875 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions 2.8.2 and prior in the stable branch Discourse versions 2.9.0.beta3 and prior in the beta branch Discourse versions 2.9.0.beta3 and prior in the tests-passed branch Description: Discourse is an open source discussion...

4.3CVSS4.5AI score0.00927EPSS
Exploits0References9
Rows per page
Query Builder