
10 matches found

Tenable Nessus
added 2026/05/29 12:0 a.m. · 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-48524

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT wi...

3.7 CVSS · 5.5 AI score · 0.00222 EPSS
Exploits 0 · References 4
ATTACKERKB
added 2026/05/28 3:11 p.m. · 6 views

CVE-2026-48525

PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option "b64": false, RFC 7797, PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For...

5.3 CVSS · 5.8 AI score · 0.00288 EPSS
Exploits 1 · References 2 · Affected Software 1
NVD
added 2026/03/07 8:16 a.m. · 3 views

CVE-2026-1071

The Carta Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.4 CVSS · 0.00193 EPSS
Exploits 0 · References 3
CVE
added 2025/12/12 3:20 a.m. · 22 views

CVE-2025-14166

CVE-2025-14166 concerns the WordPress plugin WPMasterToolKit (WPMTK) up to version 2.13.0. The source documents confirm that an authenticated user with Contributor+ or Author+ roles can exploit Code Snippets via the plugin to inject PHP code on the server, enabling remote code execution and poten...

5.3 CVSS · 7.1 AI score · 0.00392 EPSS
Exploits 0 · References 6
OSV
added 2025/10/28 9:34 p.m. · 5 views

CVE-2025-62800 FastMCP vulnerable to reflected XSS in client's callback page

FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting vulnerability in the OAuth client callback page oauthcallback.py where unescaped user-controlled values are inserted into the generated HTML, allowing arbitrary JavaScri...

5.3 CVSS · 6.4 AI score · 0.0025 EPSS
Exploits 1 · References 3
Cvelist
added 2025/10/28 9:34 p.m. · 9 views

CVE-2025-62800 FastMCP vulnerable to reflected XSS in client's callback page

FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting vulnerability in the OAuth client callback page oauthcallback.py where unescaped user-controlled values are inserted into the generated HTML, allowing arbitrary JavaScri...

5.3 CVSS · 0.0025 EPSS
Exploits 1 · References 1
CNNVD
added 2025/07/23 12:0 a.m. · 3 views

Harbor cross-site scripting vulnerability

Harbor is an open source registry from Harbor Open Source. Protects artifacts with policies and role-based access control, ensures images are scanned and free of vulnerabilities, and signs images as trusted. A cross-site scripting vulnerability exists in Harbor versions 2.11.2 and earlier,...

4.1 CVSS · 5.3 AI score · 0.00303 EPSS
Exploits 0 · References 4
Amazon
added 2025/06/23 12:0 a.m. · 2 views

Medium: aws-kinesis-agent

Issue Overview: Jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in jackson-core's JsonLocation.appendSourceDesc method allows up to 500 bytes of unintended...

4 CVSS · 6.4 AI score · 0.00314 EPSS
Exploits 0
Positive Technologies
added 2024/04/16 12:0 a.m. · 3 views

PT-2024-28165 · Mattermost · Mattermost Mobile

Name of the Vulnerable Software and Affected Versions: Mattermost Mobile app versions 2.13.0 and earlier Description: The issue allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted link, due to the use of a regular expression with polynomial complexi...

6.5 CVSS · 7.2 AI score · 0.00464 EPSS
Exploits 0 · References 5
CNVD
added 2020/10/28 12:0 a.m. · 1 views

chocolatey Boxstarter has an unspecified vulnerability

chocolatey Boxstarter is a virtual machine management software for installing virtual Windows environments from chocolatey, USA. A security vulnerability exists in Boxstarter installer versions prior to 2.13.0 that originates from configuring C:\ProgramData\Boxstarter to be in the system-wide PATH...

8 CVSS · 7.2 AI score · 0.01487 EPSS
Exploits 0 · References 1