Vulnrichment, added 2026/04/17 9:57 p.m.

CVE-2026-40478 Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf

Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properly...

CVSS 9, AI score 6, EPSS 0.00776
Exploits 0, References 1
Redos, added 2026/04/17 12:00 a.m.

ROS-20260417-73-0045

A vulnerability in GLPI stems from a failure to neutralize special elements in the template creation mechanism. Exploiting it may allow an attacker to execute arbitrary code...

CVSS 9.1, AI score 6.2, EPSS 0.0037
Exploits 1
Snyk, added 2026/03/26 8:33 p.m.

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the web page generation process. An attacker can execute arbitrary scripts in the context of a user's browser by supplying crafted input that is not properly neutralized. Details: Cross-site scripting, or XSS, i...

CVSS 6.1, AI score 6.4, EPSS 0.00226
Exploits 1, References 3
Positive Technologies, added 2026/01/22 12:00 a.m.

PT-2026-3968

Name of the vulnerable software and affected versions: highwarden Super Interactive Maps, versions through 2.3. Description: The software contains a flaw related to improper handling of user-supplied data during web page creation, which can lead to Reflected Cross-site Scripting (XSS). This allows an...

AI score 5.3, EPSS 0.00237
Exploits 0, References 3
CNNVD, added 2025/11/06 12:00 a.m.

WordPress plugin Easy Appointments security vulnerability

WordPress Easy Appointments is a free WordPress appointment-management plugin, mainly used to create and manage service booking systems; it supports multi-location, multi-service and multi-staff bookings. A cross-site scripting vulnerability exists in the WordPress Easy Appointment...

CVSS 6.5, AI score 6.2, EPSS 0.00214
Exploits 0, References 1
CNNVD, added 2025/09/30 12:00 a.m.

Polska Akademia Dostępności CMS SQL injection vulnerability

Polska Akademia Dostępności CMS is an accessible web content management system from Polska Akademia Dostępności, Poland. Polska Akademia Dostępności CMS suffers from an SQL injection vulnerability that stems from improperly neutralized inputs to the article locator function, which could lead to a...

CVSS 10, AI score 7.4, EPSS 0.00583
Exploits 0, References 1
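The article-locator flaw above is described only as "improperly neutralized inputs". The following is an added illustration of that vulnerability class (CWE-89), not code from Polska Akademia Dostępności CMS or from this listing: a constructed SQLite table standing in for a CMS article store, one lookup that concatenates the slug into the SQL text and one that binds it as a parameter. The table, column, function names and the probe string are assumptions.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data: one public and one unpublished article.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE articles (id INTEGER PRIMARY KEY, slug TEXT, body TEXT, published INTEGER)"
    )
    conn.executemany(
        "INSERT INTO articles (slug, body, published) VALUES (?, ?, ?)",
        [
            ("welcome", "Public welcome post", 1),
            ("draft-budget", "Unpublished budget notes", 0),
        ],
    )
    return conn


def find_article_vulnerable(conn: sqlite3.Connection, slug: str) -> list:
    # String concatenation: the slug becomes part of the SQL text, so a quote
    # in it ends the literal and the rest is parsed as query syntax (CWE-89).
    sql = "SELECT slug, body FROM articles WHERE slug = '" + slug + "' AND published = 1"
    return conn.execute(sql).fetchall()


def find_article_fixed(conn: sqlite3.Connection, slug: str) -> list:
    # Bound parameter: the driver passes the slug as data; the query structure
    # is fixed before the value is seen, so the same probe matches nothing.
    sql = "SELECT slug, body FROM articles WHERE slug = ? AND published = 1"
    return conn.execute(sql, (slug,)).fetchall()


# Constructed probe: closes the literal, adds a tautology and comments out the
# published = 1 filter, so the concatenated query returns every row.
PAYLOAD = "x' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print(find_article_vulnerable(db, PAYLOAD))  # both rows, including the draft
    print(find_article_fixed(db, PAYLOAD))       # []
```

The bound-parameter form is the fix; an escaping function applied to the slug would only narrow the problem, since it still rebuilds the query from strings.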
BDU FSTEC, added 2025/08/06 12:00 a.m.

A vulnerability in the DDSH CLI of Dell EMC Data Domain Operating System allows an attacker to execute arbitrary commands.

The vulnerability in the DDSH CLI of Dell EMC Data Domain Operating System stems from a failure to neutralize special elements used in operating system commands (OS command injection). Exploiting it can allow an attacker to execute arbitrary commands...

CVSS 6.8, AI score 5.8, EPSS 0.0045
Exploits 0, References 2, Affected software 1
BDU FSTEC, added 2025/08/04 12:00 a.m.

A vulnerability in gitk, the Git repository browser, reached through "gitk filename", allows an attacker to compromise the confidentiality, integrity and availability of protected information.

The vulnerability in gitk exists because special elements are not neutralized. Exploiting it can allow an attacker to compromise the confidentiality, integrity and availability of protected information...

CVSS 8.6, AI score 7.7, EPSS 0.00314
Exploits 0, References 8, Affected software 5
BDU FSTEC, added 2025/07/30 12:00 a.m.

A vulnerability in the PAN-OS operating system, caused by a failure to neutralize special elements, allows an attacker to execute arbitrary commands.

The vulnerability in PAN-OS stems from a failure to neutralize special elements. Exploiting it allows an attacker to execute arbitrary commands with root privileges...

CVSS 6.8, AI score 5.9, EPSS 0.00558
Exploits 0, References 2, Affected software 1
BDU FSTEC, added 2025/07/10 12:00 a.m.

A vulnerability in the Dell Unity Operating Environment (Dell Unity OE), the management and maintenance environment of the Dell Unity storage system, stems from a failure to neutralize special elements used in operating system commands. It allows an attacker to escalate privileges and execute arbitrary commands.

The vulnerability in Dell Unity OE, the storage system's management environment, stems from a failure to neutralize special elements used in operating system commands (OS command injection). Exploiting it can allow an attacker to escalate their...

CVSS 7.5, AI score 5.8, EPSS 0.01509
Exploits 0, References 2, Affected software 2
BDU FSTEC, added 2025/06/23 12:00 a.m.

A vulnerability in the firmware of the Tenda AX12 Wi-Fi router stems from a failure to neutralize special elements used in operating system commands. It allows an attacker to execute arbitrary commands.

The vulnerability in the Tenda AX12 Wi-Fi router firmware stems from a failure to neutralize special elements used in operating system commands when handling the list parameter. Exploiting it allows a remote attacker to execute arbitrary...

CVSS 10, AI score 8.1, EPSS 0.02411
Exploits 1, References 2, Affected software 1
BDU FSTEC, added 2025/06/20 12:00 a.m.

A vulnerability in the "Export to Excel. Exporting product catalogs for 1C-Bitrix. Creating price lists" plugin allows an attacker to execute arbitrary commands.

The vulnerability in the "Export to Excel. Exporting product catalogs for 1C-Bitrix. Creating price lists" plugin stems from a failure to neutralize special elements used in operating system commands (OS command injection). Exploiting it allows a remote attacker to execute...

CVSS 9, AI score 5.9
Exploits 0, References 1, Affected software 1
BDU FSTEC, added 2025/06/20 12:00 a.m.

A vulnerability in the "Mass Processing of Infoblock Elements (Products)" plugin, caused by a failure to neutralize special elements, allows an attacker to execute arbitrary commands.

The vulnerability in the "Mass Processing of Infoblock Elements (Products)" plugin stems from a failure to neutralize special elements used in operating system commands (OS command injection). Exploiting it allows a remote attacker to execute arbitrary commands...

CVSS 9, AI score 5.9
Exploits 0, References 1, Affected software 1
BDU FSTEC, added 2025/06/18 12:00 a.m.

A vulnerability in the iTop IT service management web tool stems from a failure to neutralize special elements and allows an attacker to execute arbitrary code.

The vulnerability in the iTop IT service management web tool stems from a failure to neutralize special elements. Exploiting it allows a remote attacker to execute arbitrary code...

CVSS 9, AI score 5.9, EPSS 0.00417
Exploits 0, References 3, Affected software 1
BDU FSTEC, added 2025/06/09 12:00 a.m.

A vulnerability in the web management interface of Cisco Small Business SPA500 series IP phone firmware allows an attacker to perform cross-site scripting attacks.

The vulnerability in the web management interface of Cisco Small Business SPA500 series IP phone firmware stems from a failure to neutralize HTML tags. Exploiting it allows a remote attacker to perform cross-site scripting attacks...

CVSS 5.8, AI score 6.1, EPSS 0.00368
Exploits 0, References 3
RedhatCVE, added 2025/05/23 8:33 a.m.

CVE-2024-50426

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker (survey-maker) allows Stored XSS. This issue affects Survey Maker: from n/a through 5.0.2...

CVSS 5.9, AI score 5.9, EPSS 0.00255
Exploits 0, References 1
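Several entries above (the Snyk XSS entry, Super Interactive Maps, Easy Appointments, the Cisco SPA500 web interface, Survey Maker) describe the same failure: input that is not neutralized during web page generation (CWE-79). The following is an added example of that class, not code from any of the listed products. It renders a constructed stored comment and a reflected search term into a page twice, once with raw interpolation and once through html.escape(), and then parses the output the way a browser tokenizer would, reporting any on* event-handler attribute that reached the markup. The inputs and all names are assumptions.

```python
import html
from html.parser import HTMLParser

# Constructed attacker inputs (not taken from any advisory): a stored comment
# that injects an element, and a reflected value that breaks out of an
# attribute with a double quote.
COMMENT = '<img src=x onerror="alert(document.cookie)">'
SEARCH = '" autofocus onfocus="alert(1)'


def render_vulnerable(comment: str, search: str) -> str:
    # Raw interpolation into a quoted attribute and into an element body: the
    # browser parses the attacker's text as part of the page (CWE-79).
    return (f'<input type="search" value="{search}">'
            f'<div class="comment">{comment}</div>')


def render_fixed(comment: str, search: str) -> str:
    # html.escape(quote=True) turns & < > " ' into entities, so the value stays
    # text in both the quoted-attribute and the element-body context.
    return (f'<input type="search" value="{html.escape(search, quote=True)}">'
            f'<div class="comment">{html.escape(comment, quote=True)}</div>')


class HandlerFinder(HTMLParser):
    """Collects (tag, attribute) pairs for every on* attribute in the markup."""

    def __init__(self) -> None:
        super().__init__()
        self.handlers: list[tuple[str, str]] = []

    def handle_starttag(self, tag, attrs):
        for name, _value in attrs:
            if name.startswith("on"):
                self.handlers.append((tag, name))


def event_handlers(markup: str) -> list[tuple[str, str]]:
    # Tokenize the generated page as a browser would and report every
    # script-bearing attribute; a correctly escaped page reports none.
    finder = HandlerFinder()
    finder.feed(markup)
    finder.close()
    return finder.handlers


if __name__ == "__main__":
    print(event_handlers(render_vulnerable(COMMENT, SEARCH)))
    print(event_handlers(render_fixed(COMMENT, SEARCH)))
```

The escaping here is specific to the HTML-body and quoted-attribute contexts. An unquoted attribute, a JavaScript string, a URL or a CSS value each needs its own encoding, which is why template engines tie the escaping rule to the output context rather than to the input.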
BDU FSTEC, added 2025/04/01 12:00 a.m.

A vulnerability in the GUI component of the FortiSandbox threat detection and mitigation system allows an attacker to execute arbitrary commands.

The vulnerability in the GUI component of the FortiSandbox threat detection and mitigation system exists because special elements are not neutralized. Exploiting it allows a remote attacker to execute arbitrary commands...

CVSS 9, AI score 5.9, EPSS 0.00494
Exploits 0, References 2, Affected software 1
BDU FSTEC, added 2025/03/31 12:00 a.m.

A vulnerability in the Dell Unity Operating Environment (Dell Unity OE), the storage system's management and maintenance environment, stems from a failure to neutralize special elements used in operating system commands. It allows an attacker to escalate privileges and execute arbitrary commands.

The vulnerability in Dell Unity OE stems from a failure to neutralize special elements used in operating system commands (OS command injection). Exploiting it can allow an attacker to escalate...

CVSS 7.8, AI score 5.8, EPSS 0.0055
Exploits 0, References 2, Affected software 2
BDU FSTEC, added 2025/03/31 12:00 a.m.

A vulnerability in the Dell Unity Operating Environment (Dell Unity OE), the storage system's management and maintenance environment, allows an attacker to access, read, modify and delete arbitrary files. It stems from a failure to neutralize special elements used in operating system commands.

The vulnerability in Dell Unity OE stems from a failure to neutralize special elements used in operating system commands. Exploiting it can allow an attacker, acting...

CVSS 9.4, AI score 5.4, EPSS 0.01273
Exploits 0, References 3, Affected software 2
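The BDU FSTEC entries for the Data Domain DDSH CLI, PAN-OS, Dell Unity OE, the Tenda AX12 firmware and the two 1C-Bitrix plugins all describe one class: special elements in a user-supplied value reaching an operating system command (CWE-78). The following added example is not any vendor's code. It takes one parameter (a host, standing in for something like the Tenda "list" parameter) and handles it three ways: interpolation into a shell=True command, neutralization with shlex.quote(), and allowlist validation followed by an argv list with no shell. echo stands in for the real network tool so the example runs offline; the payload, the allowlist and the function names are assumptions.

```python
import re
import shlex
import subprocess

# Allowlist for the value: hostnames and IPv4 literals only. The pattern is an
# assumption for this illustration, not a rule from any of the advisories.
HOST_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")

# Constructed probe: a valid-looking value followed by a shell separator and
# an attacker-chosen command.
PAYLOAD = "127.0.0.1; echo INJECTED"


def run_vulnerable(host: str) -> str:
    # shell=True plus string interpolation: /bin/sh parses the `;` in host as
    # a command separator and runs the attacker's command too (CWE-78).
    cmd = f"echo pinging {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_quoted(host: str) -> str:
    # Neutralization only: shlex.quote() wraps the value so the shell treats
    # it as one word. The shell is still in the path, so this is the weaker fix.
    cmd = f"echo pinging {shlex.quote(host)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_fixed(host: str) -> str:
    # Validate first, then pass an argv list with no shell: the value reaches
    # the program as a single argument and is never parsed as syntax.
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    result = subprocess.run(["echo", "pinging", host], capture_output=True, text=True)
    return result.stdout


def is_rejected(host: str) -> bool:
    # True when the hardened path refuses the value outright.
    try:
        run_fixed(host)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(repr(run_vulnerable(PAYLOAD)))   # second line: INJECTED
    print(repr(run_quoted(PAYLOAD)))       # whole payload echoed as one argument
    print(is_rejected(PAYLOAD))            # True
    print(repr(run_fixed("127.0.0.1")))
```

The quoted variant shows what "neutralizing special elements" buys on its own: the separator is no longer interpreted, but the value is still handed to a shell. Rejecting the value against an allowlist and dropping the shell removes the interpreter from the path entirely, which is the fix these advisories are implicitly asking for.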