Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.13 views

CVE-2026-44724

A flaw was found in systeminformation, a Node.js library. This vulnerability allows a local attacker on Linux to inject arbitrary commands. This occurs when an active NetworkManager connection profile name contains shell metacharacters, which are not properly sanitized before being used in shell...

7.8CVSS5.3AI score0.0062EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.9 views

CVE-2026-7457

The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profile update endpoint — where raw POST parameters firstname, lastname, phone, notes bypass sanitizati...

6.4CVSS5.7AI score0.00339EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/13 3:29 p.m.9 views

NPM: Systeminformation vulnerable to Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name

NPM: Systeminformation vulnerable to Linux command injection in networkInterfaces via unsanitized NetworkManager connection profile name vulnerability discovered by ? in WordPress Npm systeminformation versions = 4.17.0, = 5.31.5...

7.8CVSS5.8AI score0.0062EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/03 4:0 a.m.8 views

CI4MS: Profile & User Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability 1: Stored DOM XSS via Profile Name Update Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized User Name in Profile Management Description The application fails to properly sanitize user-controlled input when users update their profile name e.g., full...

9.4CVSS6AI score0.00297EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/11/23 3:15 p.m.4 views

UBUNTU-CVE-2022-45151

The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website...

5.4CVSS6.3AI score0.00655EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/03/23 2:41 p.m.3 views

pki-core: Stored XSS in TPS profile creation

A flaw was found in the pki-core's Token Processing Service TPS where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting XSS vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing a...

5.4CVSS5.7AI score0.00764EPSS
Exploits0References4
Rows per page
Query Builder