Lucene search
K

11 matches found

EUVD
EUVD
added 2026/07/07 4:18 p.m.6 views

EUVD-2025-210439

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/12 5:30 p.m.47 views

CVE-2026-44170 MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on WIndows with installed CONNECT engine and enabled REST support interpolated table HTTP...

6.3CVSS0.00797EPSS
Exploits0References2
Amazon
Amazon
added 2026/03/27 12:0 a.m.10 views

Medium: golang

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS7AI score0.00728EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.9 views

PT-2026-23468

Name of the Vulnerable Software and Affected Versions Exploding Gradients RAGAS versions 0.2.3 through 0.2.14 Description An arbitrary file read issue exists in the ImageTextPromptValue class. This is due to insufficient validation and sanitization of URLs provided in the retrieved contexts...

8.7CVSS5.9AI score0.00534EPSS
Exploits1References17
OSV
OSV
added 2026/02/10 4:16 a.m.5 views

CVE-2026-24323

The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality a...

6.1CVSS5.8AI score0.00206EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.12 views

PT-2026-2815

Name of the Vulnerable Software and Affected Versions GetContentFromURL plugin for WordPress versions prior to 1.1 Description The GetContentFromURL plugin for WordPress is susceptible to Server-Side Request Forgery in versions up to and including 1.0. The issue stems from the plugin utilizing wp...

7.2CVSS5.6AI score0.00302EPSS
Exploits0References7
OSV
OSV
added 2025/11/12 9:24 p.m.4 views

GHSA-4C3J-3H7V-22Q9 changedetection.io: Stored XSS in Watch update via API

Summary A Stored Cross Site Scripting is present in the changedetection.io Watch update API due to unsufficient security checks. Details Tested on changedetection.io version v0.50.24 console REPOSITORY TAG IMAGE ID CREATED SIZE ghcr.io/dgtlmoon/changedetection.io latest 0367276509a0 23 hours ago...

3.5CVSS6AI score0.00441EPSS
Exploits1References7
Cvelist
Cvelist
added 2025/11/07 5:29 a.m.17 views

CVE-2025-12520 WP Airbnb Review Slider <= 4.2 - Authenticated (Admin+) Stored Cross-Site Scripting

The WP Airbnb Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2 due to insufficient URL validation that allows users to pull in a malicious HTML file. This makes it possible for authenticated attackers, wit...

4CVSS0.00213EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/08/23 12:0 a.m.5 views

Wordpress Plugin Broken Link Manager SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in Wordpress Plugin Brok...

7.2CVSS7.3AI score0.01578EPSS
Exploits2References2
OSV
OSV
added 2019/06/03 5:29 p.m.1 views

DEBIAN-CVE-2019-12308

An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provid...

6.1CVSS6.8AI score0.02563EPSS
Exploits0References1
OSV
OSV
added 2018/11/18 5:29 p.m.1 views

DEBIAN-CVE-2018-19352

Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely...

6.1CVSS5.7AI score0.01323EPSS
Exploits0References1
Rows per page
Query Builder