Lucene search
K

59 matches found

OSV
OSV
added 2026/03/18 3:18 a.m.6 views

USN-8104-1 flask vulnerability

Shourya Jaiswal discovered that Flask did not correctly mark certain web responses as user-specific. A remote attacker could possibly use this issue to obtain sensitive information...

4.3CVSS6AI score0.00374EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/03/18 3:18 a.m.8 views

USN-8104-1: Flask vulnerability

Shourya Jaiswal discovered that Flask did not correctly mark certain web responses as user-specific. A remote attacker could possibly use this issue to obtain sensitive information...

4.3CVSS5.8AI score0.00374EPSS
Exploits0
Cvelist
Cvelist
added 2026/03/17 9:50 p.m.22 views

CVE-2025-14806 IBM Planning Analytics Information Disclosure

IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources...

5.7CVSS0.00292EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/19 3:18 p.m.2 views

Origin Validation Error

Overview @sveltejs/adapter-vercel is an A SvelteKit adapter that creates a Vercel app Affected versions of this package are vulnerable to Origin Validation Error via the pathname query parameter. An attacker can cause sensitive user-specific responses to be cached and subsequently served to other...

5.3CVSS5.5AI score0.00258EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:24 a.m.6 views

CVE-2018-21201

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3...

6.8CVSS7.2AI score0.0057EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/01 12:17 p.m.8 views

CVE-2025-62749

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bainternet User Specific Content user-specific-content allows DOM-Based XSS.This issue affects User Specific Content: from n/a through = 1.0.6...

6.5CVSS5.9AI score0.00173EPSS
Exploits0References1
NVD
NVD
added 2025/12/31 12:16 p.m.4 views

CVE-2025-62749

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bainternet User Specific Content user-specific-content allows DOM-Based XSS.This issue affects User Specific Content: from n/a through = 1.0.6...

6.5CVSS0.00173EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/31 11:59 a.m.3 views

CVE-2025-62749 WordPress User Specific Content plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bainternet User Specific Content allows DOM-Based XSS.This issue affects User Specific Content: from n/a through 1.0.6...

6.5CVSS5.9AI score0.00173EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/31 11:59 a.m.25 views

CVE-2025-62749 WordPress User Specific Content plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bainternet User Specific Content user-specific-content allows DOM-Based XSS.This issue affects User Specific Content: from n/a through = 1.0.6...

6.5CVSS0.00173EPSS
Exploits0References1
CVE
CVE
added 2025/12/31 11:59 a.m.10 views

CVE-2025-62749

CVE-2025-62749 is a stored Cross‑Site Scripting (XSS) vulnerability in the WordPress plugin User Specific Content (Bainternet). The issue affects versions from n/a through 1.0.6 and is exploitable in a scenario where an authenticated user (at least a Contributor) with access to the plugin can inj...

6.5CVSS5.9AI score0.00173EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/31 11:59 a.m.3 views

EUVD-2025-205925

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bainternet User Specific Content allows DOM-Based XSS.This issue affects User Specific Content: from n/a through 1.0.6...

6.5CVSS5.9AI score0.00173EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/12/31 11:58 a.m.10 views

WordPress User Specific Content plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin User Specific Content versions = 1.0.6...

6.5CVSS5.9AI score0.00173EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/31 12:0 a.m.6 views

PT-2025-54308

Name of the Vulnerable Software and Affected Versions Bainternet User Specific Content versions through 1.0.6 Description The software contains a flaw related to improper input handling during web page generation, leading to a DOM-Based Cross-Site Scripting XSS condition. This allows for the...

6.5CVSS5.9AI score0.00173EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.4 views

WordPress plugin User Specific Content 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS5.8AI score0.00173EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/13 6:31 p.m.6 views

EUVD-2025-34071

llama-index has Insecure Temporary File...

7.1CVSS7AI score0.00168EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-51018

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00486EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2022-30945

Malicious code in bioql PyPI...

6.5CVSS7.6AI score0.0068EPSS
Exploits1References4
Packet Storm News
Packet Storm News
added 2025/08/06 12:0 a.m.2 views

From Split to Share: Private Inference with Distributed Feature Sharing

Cloud-based Machine Learning as a Service MLaaS raises serious privacy concerns when handling sensitive client data. Existing Private Inference PI methods face a fundamental trade-off between privacy and efficiency: cryptographic approaches offer strong protection but incur high computational...

6.5AI score
Exploits0
Huntr
Huntr
added 2025/07/15 4:14 p.m.5 views

World-Writable NLTK Cache Directory Enables Local Users to Tamper with or Delete NLP Data

Description The llamaindex library sets the NLTK data directory to a subdirectory of the codebase by default e.g., static/nltkcache inside the package directory. In multi-user environments or shared hosting, this directory is world-writable or accessible by multiple users. As a result, any user c...

7.8CVSS7.4AI score0.00168EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/07/13 3:20 p.m.13 views

CVE-2025-30661

An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local, low-privileged user to install scripts to be executed as root, leading to privilege escalation. A local user with access to the local file system can...

8.5CVSS7.4AI score0.00168EPSS
Exploits0References1
Rows per page
Query Builder