Lucene search
K

14 matches found

Cvelist
Cvelist
added 2025/10/22 8:22 a.m.6 views

CVE-2025-11952 Stored Cross-Site Scripting (XSS) in Oct8ne Chatbot

Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

5.3CVSS0.00177EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2003-1239

Malware in sbrugna...

7.5CVSS6.4AI score0.0259EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-17448

Malicious code in bioql PyPI...

5.1CVSS6.5AI score0.00195EPSS
Exploits0References2
CVE
CVE
added 2025/05/07 3:29 p.m.76 views

CVE-2025-46827

Graylog has a vulnerability (CVE-2025-46827) where an HTML form in an Event Definition Remediation Step can leak user session cookies if an attacker has create-event-definition rights and the victim can view alerts, with an active input to receive form data. Affected versions are before 6.0.14, 6...

8CVSS7.7AI score0.00229EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2025/05/07 3:27 p.m.24 views

Graylog Allows Session Takeover via Insufficient HTML Sanitization

Impact It is possible to obtain user session cookies by submitting an HTML form as part of an Event Definition Remediation Step field. For this attack to succeed, the attacker needs a user account with permissions to create event definitions, while the user must have permissions to view alerts...

8CVSS7.6AI score0.00229EPSS
Exploits0References3Affected Software1
Metasploit
Metasploit
added 2025/04/04 6:54 p.m.435 views

CrushFTP AWS4-HMAC Authentication Bypass

This module leverages an authentication bypass in CrushFTP 11 use auxiliary/gather/crushftpauthbypasscve20252825 msf auxiliarycrushftpauthbypasscve20252825 show actions ...actions... msf auxiliarycrushftpauthbypasscve20252825 set ACTION msf auxiliarycrushftpauthbypasscve20252825 show options...

9.8CVSS7.5AI score
Exploits8
F5 Networks
F5 Networks
added 2024/08/14 1:22 p.m.37 views

K000140111: BIG-IP Next Central Manager vulnerability CVE-2024-39809

Security Advisory Description The BIG-IP Next Central Manager user session refresh token does not expire when a user logs out. CVE-2024-39809 Impact An attacker with access to obtain a user's session cookies can continue to use that session to access BIG-IP Next Central Manager and systems manage...

8.9CVSS6.7AI score0.00413EPSS
Exploits0Affected Software1
Hacker One
Hacker One
added 2024/07/18 4:22 p.m.8 views

Acronis: Potential XSS Vulnerability in Acronis Login Callback URL

The Acronis login callback URL was found to be vulnerable to cross-site scripting XSS attacks. The redirectUrl parameter in the URL was not properly sanitized, allowing an attacker to inject arbitrary JavaScript code. This could have been exploited to steal user session cookies...

6AI score
Exploits0
OSV
OSV
added 2024/03/06 11:4 a.m.54 views

BIT-RESOURCESPACE-2021-41765

A SQL injection issue in pages/editfields/9ajax/addkeyword.php of ResourceSpace 9.5 and 9.6 rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user...

9.8CVSS10AI score0.67845EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/09/25 12:0 a.m.22 views

CVE-2023-43326

A reflected cross-site scripting XSS vulnerability exisits in multiple url of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL...

6AI score0.01615EPSS
Exploits2References2
Prion
Prion
added 2021/11/15 4:15 p.m.11 views

Sql injection

A SQL injection issue in pages/editfields/9ajax/addkeyword.php of ResourceSpace 9.5 and 9.6 rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user...

7.5CVSS10AI score0.67845EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/09/16 12:0 a.m.33 views

IBM Rational License Key Server Administration and Reporting Tool 8.1.4.x < 8.1.4.4 Multiple Vulnerabilities

The remote host is running a version 8.1.4.x of IBM Rational License Key Server Administration and Reporting Tool RLKS that is prior to 8.1.4.4. It is, therefore, affected by multiple vulnerabilities : - The secure flag for session cookies is not properly set when in SSL mode. An attacker can...

5CVSS5.7AI score0.02072EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2013/12/18 12:0 a.m.37 views

Mandriva Linux Security Advisory : mediawiki (MDVSA-2013:290)

Updated mediawiki packages fix security vulnerabilities : Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. Internal review while debugging a site issue discovered that...

7.5CVSS7.2AI score0.02142EPSS
Exploits0References4
NVD
NVD
added 2003/12/31 5:0 a.m.13 views

CVE-2003-1249

WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions...

7.5CVSS6.7AI score0.0259EPSS
Exploits0References6
Rows per page
Query Builder