Lucene search
K

4 matches found

Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.4 views

PT-2026-32490

Name of the Vulnerable Software and Affected Versions KubePlus version 4.14 Description The '/registercrd' endpoint in the kubeconfiggenerator component is susceptible to command injection. The issue occurs because the component utilizes the subprocess.Popen function with the shell=True parameter...

8.8CVSS6AI score0.02183EPSS
Exploits1References5
Snyk
Snyk
added 2026/01/13 7:57 p.m.4 views

Arbitrary Command Injection

Overview renovate is a dependency updater. Affected versions of this package are vulnerable to Arbitrary Command Injection due to the improper sanitazation of user-supplied chart name in the helmRepositoryArgs function of kustomize manager. An attacker can execute arbitrary commands on the host...

8.4CVSS7.7AI score
Exploits0References2
Veracode
Veracode
added 2025/09/05 7:17 a.m.5 views

Cross-site Scripting (XSS)

apachesuperset is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of chart column labels, which allows an attacker to inject malicious payloads that execute in a victim’s browser and potentially lead to session hijacking or arbitrary command...

5.4CVSS6.3AI score0.00617EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/17 3:28 a.m.18 views

CVE-2025-8867

The Graphina - Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widget parameters in version 3.1.3 and below. This is due to insufficient input sanitization and output escaping on user supplied attributes such as chart categories,...

6.4CVSS6.1AI score0.00374EPSS
Exploits0References1
Rows per page
Query Builder