Lucene search
K

10 matches found

RedHat Linux
RedHat Linux
added 6 days ago5 views

jastow: Jastow Cross-Site Scripting attack due to unsanitized URI

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 12:9 a.m.11 views

CVE-2025-67447

The network diagnosis ping module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user input in the IP address field before passing it to the system's ping command. An attacker can inject arbitrary OS commands,...

9.8CVSS6AI score0.01026EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 12:0 a.m.18 views

CVE-2025-67447

The CVE concerns the ping module in Neterbit NW-431F Router (versions up to 20241014-IR03) with OS command injection via unsanitized IP address input fed to the system ping. The input validation flaw allows an attacker to inject arbitrary commands, which would run with the web server’s privileges...

9.8CVSS6AI score0.01026EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 12:0 a.m.10 views

CVE-2025-67447

The network diagnosis ping module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user input in the IP address field before passing it to the system's ping command. An attacker can inject arbitrary OS commands,...

9.8CVSS6AI score0.01026EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/12 7:57 p.m.5 views

CVE-2026-25933

Arduino App Lab is a cross-platform IDE for developing Arduino Apps. Prior to 0.4.0, a vulnerability was identified in the Terminal component of the arduino-app-lab application. The issue stems from insufficient sanitization and validation of input data received from connected hardware devices,...

6.8CVSS5.4AI score0.00151EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.8 views

PT-2025-50213

Name of the Vulnerable Software and Affected Versions Coohom SaaS Platform version 1760060603897 2025-10-28 Description A stored Cross-Site Scripting XSS issue exists in the Account Settings module. The issue occurs because unsanitized user input in Address fields, specifically City, State, and...

5.4CVSS6.3AI score0.00169EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2025/02/11 4:42 p.m.12 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

9.8CVSS6.8AI score0.01331EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2025/02/11 3:54 p.m.26 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS6.8AI score0.01331EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2024/08/13 9:16 a.m.11 views

go-retryablehttp: url might write sensitive information to log file

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...

6CVSS7.1AI score0.00358EPSS
Exploits0References4
OSV
OSV
added 2021/08/02 11:15 a.m.3 views

CVE-2021-24476

The Steam Group Viewer WordPress plugin through 2.1 does not sanitise or escape its "Steam Group Address" settings before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue...

5.4CVSS6.1AI score0.0062EPSS
Exploits2References1
Rows per page
Query Builder