Lucene search
+L

33 matches found

OSV
OSV
added 2026/07/08 4:14 p.m.4 views

CVE-2026-59923 Mistune: XSS via percent-encoded javascript URI bypass in safe_url()

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.safeurl does not block percent-encoded javascript URIs, allowing attacker-supplied Markdown links or images to bypass URL protections and execute script in rendered HTML. This issue is fixed in version...

6.1CVSS6.2AI score0.00199EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/07/01 11:20 p.m.35 views

CVE-2026-55792 Craft CMS: Sensitive File Disclosure / Server-Side File Read

Craft CMS is a content management system CMS. In versions starting from 4.0.0-RC1 and prior to 4.18.0, and 5.0.0-RC1 and above, prior to 5.10.0, the dataUrl Twig function is included in Craft’s Twig sandbox allowlist, allowing any control panel user granted the utility:system-messages permission ...

6CVSS0.00268EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 7:28 p.m.3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the rule ID path parameter of the alert-history endpoints. An attacker can execute arbitrary database queries and access sensitive data by injecting specially crafted input. This may also allow the attacker to perform...

8.5CVSS6.2AI score0.00235EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 8:44 p.m.4 views

CVE-2026-43884 WWBN AVideo: SSRF Protection Bypass via HTTP Redirect and DNS Rebinding in isSSRFSafeURL()

WWBN AVideo is an open source video platform. In versions up to and including 29.0, two endpoints plugin/AI/receiveAsync.json.php and objects/EpgParser.php in AVideo call isSSRFSafeURL to validate user-supplied URLs, then fetch them using bare filegetcontents without disabling PHP's automatic...

7.7CVSS5.9AI score0.00348EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.13 views

WWBN AVideo 代码问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained code vulnerabilities. These vulnerabilities stemmed from the use of isSSRFSafeURL, which only verified the initial URL. This could allow attackers to bypass SSRF...

7.7CVSS5.9AI score0.00348EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/06 8:10 p.m.70 views

Improper Encoding or Escaping of Output

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the Utils::parseUrl function during comment rendering. An attacker can execute arbitrary JavaScript in the...

8.3CVSS6.1AI score0.00215EPSS
Exploits0References3
OSV
OSV
added 2026/04/27 4:0 a.m.3 views

CVE-2026-7085 HBAI-Ltd Toonflow-app downloadApp Endpoint downloadApp.ts z.url path traversal

A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp Endpoint. This manipulation of the argument url causes path traversal. It is possible to initiate the...

2.3CVSS5.4AI score0.00248EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/17 8:51 p.m.3 views

CVE-2026-40301 rhukster/dom-sanitizer: SVG <style> tag allows CSS injection via unfiltered url() and @import directives

DOMSanitizer is a DOM/SVG/MathML Sanitizer for PHP 7.3+. Prior to version 1.0.10, DOMSanitizer::sanitize allows elements in SVG content but never inspects their text content. CSS url references and @import rules pass through unfiltered, causing the browser to issue HTTP requests to...

4.7CVSS5.7AI score0.00271EPSS
Exploits0References3
CVE
CVE
added 2026/03/20 11:30 p.m.20 views

CVE-2026-33237

CVE-2026-33237 affects WWBN AVideo. The Scheduler plugin’s run() path in plugin/Scheduler/Scheduler.php uses callbackURL with isValidURL() (URL format check) but omits isSSRFSafeURL(), allowing SSRF to RFC-1918/private and cloud metadata endpoints. Concrete details show the vulnerable code at Sch...

5.5CVSS5.8AI score0.00338EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/07 9:54 a.m.12 views

CVE-2025-1211

Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery SSRF due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://[email protected]/, the URI function will parse and see the host as 127.0.0.1 which is correct, and hackney...

6.5CVSS6.5AI score0.00501EPSS
Exploits0References1
Hacker One
Hacker One
added 2025/11/27 8:51 p.m.16 views

Nextcloud: Roundcube Webmail Style Sanitizer can be bypassed using CSS Character Escapes

A vulnerability was discovered in the style sanitizer of Roundcube Webmail that allowed bypassing the sanitizer using CSS character escapes. This enabled the use of arbitrary inline CSS, such as the url function, which could be used to retrieve the IP address and user agent of the person reading...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:1 a.m.9 views

CVE-2019-8153

A mitigation bypass to prevent cross-site scripting XSS exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Successful exploitation of this vulnerability would result in an attacker being able to bypass the escapeURL function and execute a malicious XSS payload...

6.1CVSS5.3AI score0.01476EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/17 12:0 a.m.14 views

PT-2025-21783 · Totolink · Totolink A702R +1

Name of the Vulnerable Software and Affected Versions: TOTOLINK A702R, A3002R and A3002RU version 3.0.0-B20230809.1615 Description: A critical issue affects the submit-url function of the file /boafrm/formReflashClientTbl in the HTTP POST Request Handler component, leading to a buffer overflow...

9CVSS8.7AI score0.00695EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2023/10/24 12:0 a.m.7 views

PT-2023-29572 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: zzzCMS version 2.1.9 Description: The issue allows a remote attacker to execute arbitrary code via a crafted file to the down url function in the zzz.php file. This enables the attacker to potentially gain control over the system...

7.8CVSS7.8AI score0.00898EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/09/11 12:0 a.m.6 views

PT-2023-27996 · Couchcms · Couchcms

Name of the Vulnerable Software and Affected Versions: CouchCMS version 2.3 Description: An open redirect issue exists in the sanitize url parameter, allowing attackers to redirect users to arbitrary websites via crafted URLs. Recommendations: For CouchCMS version 2.3, consider disabling the...

6.1CVSS6.2AI score0.00358EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2023/09/05 12:0 a.m.6 views

The vulnerability of the input[url] function in the application development environment and the Angular platform allows attackers to trigger a service failure.

The vulnerability of the inputurl function in the application development environment and the Angular platform is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow an attacker to cause service failures remotely...

5.3CVSS6.5AI score0.01695EPSS
Exploits1References8Affected Software2
Positive Technologies
Positive Technologies
added 2023/04/29 12:0 a.m.10 views

PT-2023-19474 · Mlecms · Mlecms

Name of the Vulnerable Software and Affected Versions: MLECMS version 3.0 Description: A critical issue affects the get url function in the library /upload/inc/lib/admin of the file uploadincincludecommon.func.php. The manipulation of the argument $ SERVER'REQUEST URI' leads to SQL injection. The...

9.8CVSS7.5AI score0.00737EPSS
Exploits1References5
wpexploit
wpexploit
added 2022/06/02 12:0 a.m.592 views

WP Ultimate CSV Importer < 6.5.3 - Admin+ Blind SSRF

The plugin does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks Put an internal/LAN URL such as below in the file upload by URL function https://127.0.0.1:8080...

7.2CVSS1.3AI score0.01291EPSS
Exploits2
OSV
OSV
added 2022/02/10 11:45 p.m.2 views

GHSA-3HQ6-RMV7-39VH Injection in op-browser

op-browser through 1.0.9 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function...

9.8CVSS6.2AI score0.04118EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/02/10 11:45 p.m.49 views

Injection in op-browser

op-browser through 1.0.9 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function...

9.8CVSS9.3AI score0.04118EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder