Lucene search
+L

56 matches found

RedHat Linux
RedHat Linux
added 2026/07/07 6:14 p.m.6 views

jastow: Jastow Cross-Site Scripting attack due to unsanitized URI

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/07 6:2 p.m.6 views

jastow: Jastow Cross-Site Scripting attack due to unsanitized URI

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/07 4:18 p.m.7 views

CVE-2025-12799

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling. Mitigation It is possible to contruct...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.11 views

PT-2026-56203

Name of the Vulnerable Software and Affected Versions Jastow affected versions not specified Description Jastow is susceptible to Cross-Site Scripting XSS, a flaw where malicious scripts are injected into trusted websites. This occurs due to improper input handling of unsanitized URIs when a...

6.5CVSS6.1AI score0.00246EPSS
Exploits0References12
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-659 mailman Cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page...

4.3CVSS6.1AI score0.01782EPSS
Exploits0References13
OSV
OSV
added 2026/06/25 10:34 p.m.5 views

GO-2026-5436 Anyquery: AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin in github.com/julien040/anyquery/plugins/brave

Anyquery: AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin in github.com/julien040/anyquery/plugins/brave...

5.9AI score0.00048EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 10:49 p.m.13 views

CVE-2026-42846 ClipBucket: Remote Play URL Command Injection

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is concatenated directly...

9.8CVSS5.5AI score0.00603EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48790

Name of the Vulnerable Software and Affected Versions ClipBucket versions prior to 5.5.3 Description The Remote Play feature in ClipBucket v5 allows authenticated users to import external URLs as video sources. The application concatenates these URLs directly into shell commands without proper...

9.8CVSS5.8AI score0.00603EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 2:13 p.m.50 views

CVE-2026-48927

Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure jobs or views...

0.00176EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-44020

Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure jobs or views...

5.6AI score0.00176EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 6:32 p.m.29 views

GHSA-XW67-CG5F-4M2R AVideo: OS command injection in on_publish.php execAsync via unescaped m3u8 URL

Summary Type: Classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/onpublish.php builds an execAsync command line by string concatenation, single-quoting each argument but never calling escapeshellarg. A ' in any of the three interpolated values $usersid, $m3u8,...

8.8CVSS6.3AI score0.00318EPSS
Exploits0References3
OSV
OSV
added 2026/05/07 8:16 p.m.7 views

DEBIAN-CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS5.8AI score0.00314EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/29 1:31 p.m.5 views

CVE-2026-42524

Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

4.8AI score0.00281EPSS
Exploits0References1
CVE
CVE
added 2026/04/29 1:31 p.m.18 views

CVE-2026-42524

CVE-2026-42524 : Jenkins HTML Publisher Plugin 427 and earlier is vulnerable to a stored XSS due to not escaping the job name and URL in the legacy wrapper file. This can be exploited by attackers with Item/Configure permission. The public descriptions identify the affected component and the root...

8CVSS4.8AI score0.00281EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/22 4:29 p.m.29 views

CVE-2026-33319 AVideo Vulnerable to OS Command Injection via Unescaped URL in LinkedIn Video Upload Shell Command

WWBN AVideo is an open source video platform. Prior to version 26.0, the uploadVideoToLinkedIn method in the SocialMediaPublisher plugin constructs a shell command by directly interpolating an upload URL received from LinkedIn's API response, without sanitization via escapeshellarg. If an attacke...

5.9CVSS0.00323EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/19 12:45 p.m.10 views

AVideo has an OS Command Injection via Unescaped URL in LinkedIn Video Upload Shell Command

Summary The uploadVideoToLinkedIn method in the SocialMediaPublisher plugin constructs a shell command by directly interpolating an upload URL received from LinkedIn's API response, without sanitization via escapeshellarg. If an attacker can influence the LinkedIn API response via MITM, compromis...

7.5CVSS6.2AI score0.00323EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/01/08 9:49 a.m.36 views

CVE-2026-21871

Summary: NiceGUI (Python UI framework) versions 2.13.0–3.4.1 are affected by a DOM-based XSS vulnerability in ui.navigate.history.push() and ui.navigate.history.replace(). If an attacker-supplied string is embedded into generated JavaScript without proper escaping, it can escape the string contex...

6.1CVSS6.2AI score0.00243EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.11 views

EUVD-2012-3457

Malware in sbrugna...

5CVSS6.1AI score0.03333EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-11705

Malware in sbrugna...

4.8CVSS5.1AI score0.00622EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-1028

Malicious code in bioql PyPI...

7.4CVSS7.6AI score0.01209EPSS
Exploits1References11
Rows per page
Query Builder