Lucene search
K

29 matches found

CNNVD
CNNVD
added 2026/04/22 12:0 a.m.11 views

Spring Security 访问控制错误漏洞

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. In versions 7.0.0 to 7.0.4 of Spring Security, there was an access control vulnerability. This vulnerability occurred when the servlet path defined using the tag did not...

7.5CVSS5.8AI score0.00266EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/12 12:0 a.m.3 views

Fedora 42 : tuxanci (2026-c76c93c411)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-c76c93c411 advisory. This release removes bad URL tag from the package. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note tha...

5.6AI score
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-3263

Malware in sbrugna...

6.1CVSS6.3AI score0.00671EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2006-1023

Malware in sbrugna...

4.3CVSS6.4AI score0.0094EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-0317

Malware in sbrugna...

4.3CVSS6.4AI score0.02076EPSS
Exploits1References9
OpenVAS
OpenVAS
added 2025/05/26 12:0 a.m.6 views

Fedora: Security Advisory (FEDORA-2024-ae2925c3ae)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.7CVSS7.9AI score0.02507EPSS
Exploits4References29
OSV
OSV
added 2022/05/13 1:16 a.m.4 views

GHSA-7GHM-RPC7-P7G5 Code injection in Apache Struts

A vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks. both the s:url and s:a tag provide an includeParams attribute. The main scope of that attribute is to understand whether includes...

8.1CVSS7.6AI score0.72778EPSS
Exploits9References12
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.19 views

Apache Struts Remote Code Execution Vulnerability

Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and in same time, its upper package configuration have no or...

9.3CVSS8.5AI score0.99993EPSS
In wildExploits41
OSV
OSV
added 2018/10/18 7:24 p.m.5 views

GHSA-CR6J-3JP9-RW65 Apache Struts vulnerable to remote command execution (RCE) due to improper input validation

Apache Struts contains a Remote Code Execution when using results with no namespace and it's upper actions have no or wildcard namespace. The same flaw exists when using a url tag with no value, action set, and it's upper actions have no or wildcard namespace...

8.1CVSS7.2AI score0.99993EPSS
Exploits41References27
Openbugbounty
Openbugbounty
added 2018/08/30 2:28 a.m.8 views

dille-kamille.be XSS vulnerability

Open Bug Bounty ID: OBB-671063 Description| Value ---|--- Affected Website:| dille-kamille.be Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Veracode
Veracode
added 2018/08/22 5:36 p.m.64 views

Remote Code Execution (RCE)

struts2-core is vulnerable to remote code execution RCE attacks. These attacks are possible when using a namespace or url tag which doesn't have a value and action set and where its upper action configuration is using a wildcard namespace or has no namespace...

8.1CVSS8.4AI score0.99993EPSS
Exploits41References22Affected Software3
OSV
OSV
added 2018/08/22 1:29 p.m.38 views

CVE-2018-11776

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true either by user or a plugin like Convention Plugin and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace...

8.1CVSS7.6AI score0.99993EPSS
Exploits41References20
Cvelist
Cvelist
added 2018/08/22 1:0 p.m.32 views

CVE-2018-11776

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true either by user or a plugin like Convention Plugin and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace...

8.5AI score0.99993EPSS
Exploits41References19
OSV
OSV
added 2017/07/26 8:29 a.m.10 views

CVE-2017-11651

NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag...

6.1CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added 2017/07/26 8:0 a.m.28 views

CVE-2017-11651

NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag...

6AI score0.00671EPSS
Exploits1References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

Koobi 5.0 BBCode URL Tag Script Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16078/info Koobi is prone to a script injection vulnerability. An attacker can nest BBCode URL tags to trigger this issue and execute arbitrary code in a user's browser. Attacker-supplied HTML and script code would be abl...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/10/17 12:0 a.m.37 views

openSUSE 10 Security Update : opera (opera-2181)

This update fixes the RSA signature checking problem found in openssl in the Opera webbrowser which is statically linked against openssl. CVE-2006-4339 A URL tag parsing heap overflow in Opera could be used to potentially execute code. CVE-2006-4819 %NASLMINLEVEL 70300 C Tenable Network Security,...

5.1CVSS7.2AI score0.04894EPSS
Exploits1References2
securityvulns
securityvulns
added 2006/06/28 12:0 a.m.52 views

[KAPDA]MyBB 1.1.4~function_post.php~XSS Attack In URL tag

ORIGINAL ADVISORY: http://kapda.ir/page-advisory.html http://myimei.com/security/2006-06-22/mybb-114-functionpostphpxss-attack-in-url-tag.html ——————–Summary—————- Software: MyBB Sowtware’s Web Site: http://www.mybboard.com Versions: 1.1.3 Class: Remote Status: Patched Exploit: Available Discover...

1AI score
Exploits0
Prion
Prion
added 2006/03/07 12:2 a.m.23 views

Cross site scripting

Cross-site scripting XSS vulnerability in fce.php in UKiBoard 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a BBCode url tag when using the showpost function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

4.3CVSS6AI score0.0094EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2006/03/07 12:0 a.m.25 views

CVE-2006-1019

Cross-site scripting XSS vulnerability in fce.php in UKiBoard 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a BBCode url tag when using the showpost function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

5.6AI score0.0094EPSS
Exploits0References2
Rows per page
Query Builder