Lucene search
K

6 matches found

EUVD
EUVD
added 2026/06/10 8:21 p.m.11 views

EUVD-2026-36126

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSHMSGUSERAUTHREQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user nam...

5.3CVSS5.4AI score0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/04/22 12:0 a.m.5 views

phpMyFAQ 跨站脚本漏洞

phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.1.12, which can be exploited by an attacker to bypass XSS protection by changing the name of the phpmyfaq user...

5.4CVSS6AI score0.00476EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/12/28 3:30 p.m.21 views

usememos/memos Improper Access Control vulnerability

usememos/memos 0.9.0 and prior is vulnerable to full account takeover via changing user name, email address, and display name...

8.8CVSS8.4AI score0.00911EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/12/28 3:30 p.m.18 views

GHSA-6W5W-WX8W-2CQ9 usememos/memos Improper Access Control vulnerability

usememos/memos 0.9.0 and prior is vulnerable to full account takeover via changing user name, email address, and display name...

8.8CVSS8.4AI score0.00911EPSS
Exploits1References4
PyPA
PyPA
added 2014/06/16 6:55 p.m.7 views

PYSEC-2014-78

Cross-site scripting XSS vulnerability in util/templatetags/djbletsjs.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user na...

4.3CVSS6AI score0.02392EPSS
Exploits1References9Affected Software1
UbuntuCve
UbuntuCve
added 2014/06/16 6:55 p.m.22 views

CVE-2014-3994

Cross-site scripting XSS vulnerability in util/templatetags/djbletsjs.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user na...

4.3CVSS6AI score0.02392EPSS
Exploits1References2
Rows per page
Query Builder