Lucene search

35 matches found

NVD
added 2026/06/23 9:16 p.m., 6 views

CVE-2026-46547

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters are used in window.location.href and tag bindings without validation, allowing javascript: URI...

CVSS 6.1, EPSS 0.00156
Exploits: 0, References: 1

Cvelist
added 2026/06/23 8:42 p.m., 26 views

CVE-2026-46547 NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters are used in window.location.href and tag bindings without validation, allowing javascript: URI...

CVSS 6.1, EPSS 0.00156
Exploits: 0, References: 1

Tenable Nessus
added 2026/02/10 12:0 a.m., 3 views

RHEL 8 : php:7.4 (RHSA-2026:2470)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2470 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap...

CVSS 9.8, AI score 6.2, EPSS 0.02286
Exploits: 10, References: 29

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2019-0146

Malware in sbrugna...

CVSS 6.1, AI score 6.8, EPSS 0.02535
Exploits: 1, References: 21

EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2015-0214

Malware in sbrugna...

CVSS 4.3, AI score 4.8, EPSS 0.01559
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-17832

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.007
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2003-1154

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.01793
Exploits: 1, References: 5

Cvelist
added 2025/07/08 6:23 p.m., 26 views

CVE-2025-48385 Git allows arbitrary file writes via bundle-uri parameter injection

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to...

CVSS 8.6, EPSS 0.00785
Exploits: 0, References: 1

SUSE Linux
added 2024/12/03 9:8 a.m., 3 views

Security update for php7

This update for php7 fixes the following issues: CVE-2024-11233: Single byte overread with convert.quoted-printable-decode filter (bsc#1233702). CVE-2024-11234: Configuring a proxy in a stream context might allow for CRLF injection in URIs (bsc#1233703). CVE-2024-8929: Leak partial content of the heap...

CVSS 8.3, AI score 6.8, EPSS 0.02286
Exploits: 3, References: 12

SUSE Linux
added 2024/12/02 12:26 p.m., 2 views

Security update for php8

This update for php8 fixes the following issues: CVE-2024-11233: Single byte overread with convert.quoted-printable-decode filter (bsc#1233702). CVE-2024-11234: Configuring a proxy in a stream context might allow for CRLF injection in URIs (bsc#1233703). CVE-2024-8929: Leak partial content of the heap...

CVSS 8.8, AI score 6.8, EPSS 0.02286
Exploits: 4, References: 16

SUSE CVE
added 2023/02/15 6:4 a.m., 4 views

SUSE CVE-2009-0796

Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI...

CVSS 2.6, AI score 6.1, EPSS 0.29638
Exploits: 3, References: 3

SUSE CVE
added 2023/02/15 5:37 a.m., 6 views

SUSE CVE-2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlmcmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...

CVSS 6.1, AI score 6.1, EPSS 0.01583
Exploits: 1, References: 3

Cvelist
added 2021/11/11 9:45 p.m., 37 views

CVE-2021-3907 Arbitrary filepath traversal via URI injection

OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa, which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine...

CVSS 7.4, AI score 9.9, EPSS 0.04065
Exploits: 0, References: 4

OSV
added 2021/11/10 8:8 p.m., 20 views

GHSA-CQH2-VC2F-Q4FH Arbitrary filepath traversal via URI injection

OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa, which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine...

CVSS 7.4, AI score 9.7, EPSS 0.04065
Exploits: 0, References: 9

GitHub Security Blog
added 2021/11/10 8:8 p.m., 33 views

Arbitrary filepath traversal via URI injection

OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa, which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine...

CVSS 9.8, AI score 9.4, EPSS 0.04065
Exploits: 0, References: 9, Affected Software: 1

NVD
added 2021/03/24 1:15 p.m., 11 views

CVE-2021-29029

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/editpersonalpage.php URI...

CVSS 4.8, EPSS 0.00786
Exploits: 1, References: 1

Prion
added 2021/03/24 1:15 p.m., 13 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/myimages.php URI...

CVSS 3.5, AI score 4.9, EPSS 0.00786
Exploits: 1, References: 1, Affected Software: 1

0day.today
added 2019/08/30 12:0 a.m., 45 views

Canon PRINT 2.5.5 - Information Disclosure Exploit

Exploit Title: Content Provider URI Injection on Canon PRINT 2.5.5 CVE-2019-14339 Date: 24th July, 2019 Exploit Author: 0x48piraj Vendor Homepage: https://www.usa.canon.com/internet/portal/us/home/explore/printing-innovations/mobile-printing/canon-print-app Software Link:...

CVSS 5.5, AI score 5.5, EPSS 0.05393
Exploits: 6

Exploit DB
added 2019/08/30 12:0 a.m., 222 views

Canon PRINT 2.5.5 - Information Disclosure

Exploit Title: Content Provider URI Injection on Canon PRINT 2.5.5 CVE-2019-14339 Date: 24th July, 2019 Exploit Author: 0x48piraj Vendor Homepage: https://www.usa.canon.com/internet/portal/us/home/explore/printing-innovations/mobile-printing/canon-print-app Software Link:...

CVSS 5.5, AI score 5.8, EPSS 0.05393
Exploits: 6

Packet Storm
added 2019/08/30 12:0 a.m., 249 views

Canon PRINT 2.5.5 URI Injection

Exploit Title: Content Provider URI Injection on Canon PRINT 2.5.5 CVE-2019-14339 Date: 24th July, 2019 Exploit Author: 0x48piraj Vendor Homepage: https://www.usa.canon.com/internet/portal/us/home/explore/printing-innovations/mobile-printing/canon-print-app Software Link:...

AI score 5.5, EPSS 0.05393
Exploits: 6