7 matches found
CVE-2024-1880
CVE-2024-1880 concerns the significant-gravitas/autogpt project, where the MacOSTTS component (MacOS Text-To-Speech) in the _speech method uses os.system to run the say command with user-supplied text. This allows OS command injection and potential arbitrary code execution when AutoGPT is run wit...
CVE-2016-8748
In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM...
SA-CONTRIB-2015-054 - SMS Framework - Cross Site Scripting (XSS)
SMS Framework module enables you to send and receive SMS messages from and into Drupal. The module doesn't sufficiently sanitize user supplied text in message previews, thereby exposing a reflected Cross Site Scripting vulnerability. An attacker could exploit this vulnerability by getting the...
XSS Vulnerability in simple_format helper
There is a vulnerability in the simple_format helper in Ruby on Rails. The simple_format helper converts user supplied text into HTML text which is intended to be safe for display. A change made to the implementation of this helper means that any user provided HTML attributes will not be escaped...
Mahara 1.4.1 - Multiple Cross-Site Scripting HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/54776/info Mahara is prone to multiple cross-site scripting vulnerabilities and an HTML-injection vulnerability because it fails to properly sanitize user-supplied text. Successfu...
SA-CONTRIB-2012-070 - Taxonomy Grid : Catalog - Cross Site Scripting (XSS) - Unsupported
CVE: CVE-2012-2308 This module provides a page where you can see each content types you've selected under terms from vocabularies you've selected. This module does not properly filter user supplied text resulting in a Cross Site scripting bug. This vulnerability is mitigated by the fact that an...
SA-CONTRIB-2012-029 - Taxonomy Views Integrator - Cross Site Scripting (XSS)
CVE: CVE-2012-1653 The Taxonomy Views Integrator allows selective overriding of taxonomy terms and/or vocabulary with the view of your choice. Using TVI you can easily create custom views to output all terms in X vocabulary. The module doesn't sufficiently filter user supplied text on views pages...