Lucene search
4652 matches found

Nuclei
added yesterday, 32 views

JoomlaUX JUX Real Estate 3.4.0 - Reflected XSS

A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jpyearbuilt leads to cross...

CVSS 6.1, AI score 3.7, EPSS 0.0097
Exploits 2, References 3
AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerability in OpenCV

An out-of-bounds read was discovered in OpenCV prior to version 4.1.1. Specifically, the variable coarsestscale is assumed to be greater than or equal to finestscale within the calc/oclcalc functions in disflow.cpp. However, this assumption is incorrect when dealing with small images, resulting in...

CVSS 6.5, AI score 6.1, EPSS 0.01742
Exploits 1, References 2
Positive Technologies
added 2026/06/19 12:00 a.m., 15 views

PT-2026-51123

Description: The ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map. The only guard against malicious paths was Path::isRelative, which returns true for paths like ../../../etc. Path::join then resolves the .. segments without complaint, so the...

CVSS 7.8, AI score 6.1
Exploits 0, References 5
EUVD
added 2026/06/09 6:30 p.m., 9 views

EUVD-2026-35685

Out-of-bounds read in Microsoft UxTheme Library uxtheme.dll allows an authorized attacker to deny service locally...

CVSS 5.5, AI score 5.4, EPSS 0.00383
Exploits 0, References 2
Positive Technologies
added 2026/06/09 12:00 a.m., 10 views

PT-2026-47995

Out-of-bounds read in Microsoft UxTheme Library uxtheme.dll allows an authorized attacker to deny service locally...

CVSS 5.5, AI score 5.4, EPSS 0.00383
Exploits 0, References 2
Friends Of PHP
added 2026/05/29 8:00 a.m., 15 views

symfony/ux-live-component Denial of service via unbounded batch action requests

Description: Symfony\UX\LiveComponent\Controller\BatchActionController::invoke iterates over the client-supplied actions array and issues a full HttpKernel sub-request for each entry (event subscribers, validators, Doctrine, rendering). The array size is never bounded, so an authenticated client can...

AI score 5.8
Exploits 0, Affected Software 1
Friends Of PHP
added 2026/05/29 8:00 a.m., 18 views

symfony/ux-autocomplete XSS via unescaped AJAX response data

Description: The Stimulus controller shipped with symfony/ux-autocomplete renders AJAX response items into the dropdown by interpolating the text field directly into HTML template literals ($itemlabelField) inside createAutocompleteWithRemoteData. The value is parsed as HTML rather than text, so any...

AI score 5.8
Exploits 0, Affected Software 1
Cvelist
added 2026/05/27 2:34 a.m., 66 views

CVE-2026-48961 IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...

EPSS 0.00262
Exploits 0, References 2
CVE
added 2026/05/14 7:52 p.m., 17 views

CVE-2026-8539

CVE-2026-8539 describes a script injection (UXSS) in Chrome on Android via the SanitizerAPI, exploitable through a crafted HTML page. Affected software: Google Chrome for Android (Chromium-based). Vulnerable component: SanitizerAPI. Root cause: insufficient input handling in SanitizerAPI leading ...

CVSS 5.4, AI score 6, EPSS 0.00159
Exploits 0, References 2, Affected Software 1
CNNVD
added 2026/05/01 12:00 a.m., 10 views

UI UX Pro Max Injection Vulnerability

UI UX Pro Max is an open source, cross-platform UI/UX intelligent design system generation tool from Next Level Builder. UI UX Pro Max 2.5.0 and earlier versions have an injection vulnerability, which stems from the Tailwind Config Generator component in the...

CVSS 6.5, AI score 6.7, EPSS 0.00242
Exploits 0, References 2
Fedora
added 2026/04/16 11:42 p.m., 8 views

[SECURITY] Fedora 44 Update: kf6-kirigami-6.25.0-1.fc44

QtQuick plugins to build user interfaces based on the KDE UX guidelines...

AI score 5.8
Exploits 0
RedhatCVE
added 2026/04/01 11:01 p.m., 4 views

CVE-2026-32607

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, when the hidden prioritizefullnameinux site setting is enabled (defaults to false, requires console access to change), user...

CVSS 5.4, AI score 5.8, EPSS 0.00167
Exploits 0, References 1
CNNVD
added 2026/03/31 12:00 a.m., 7 views

Discourse Cross-Site Scripting Vulnerability

Discourse is an open source community discussion platform from the Discourse open source project. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from a cross-site scripting vulnerability that stems from user and group display names not being HTML escaped in...

CVSS 5.4, AI score 5.7, EPSS 0.00167
Exploits 0, References 3
EUVD
added 2026/03/13 9:31 p.m., 8 views

EUVD-2026-11788

Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Flatsome: from n/a through <= 3.19.6...

CVSS 5.3, AI score 5.8, EPSS 0.00242
Exploits 0, References 2
OSV
added 2026/02/26 9:20 p.m., 7 views

CVE-2026-27154 Discourse has XSS when editing a malicious post

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, a user full name can be evaluated as raw HTML when the following settings are set: displaynameonposts = true; and prioritizeusernameinux = false. Editing a post of a malicious user would trigger ...

CVSS 5.3, AI score 5.9, EPSS 0.00166
Exploits 0, References 3
NVD
added 2026/02/26 9:16 a.m., 6 views

CVE-2026-28083

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UX-themes Flatsome flatsome allows Stored XSS. This issue affects Flatsome: from n/a through <= 3.20.5...

CVSS 6.5, EPSS 0.0013
Exploits 0, References 1
Snyk
added 2026/02/10 4:35 p.m., 5 views

Malicious Package

Overview: @ux-foundry/palette is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.5
Exploits 0, References 2
Snyk
added 2026/01/28 4:33 p.m., 4 views

Malicious Package

Overview: docs-ux is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package's authorship...

CVSS 9.8, AI score 5.9
Exploits 0, References 2
RedhatCVE
added 2026/01/24 3:18 p.m., 5 views

CVE-2026-24576

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in COP UX Flat ux-flat allows Stored XSS. This issue affects UX Flat: from n/a through <= 5.4.0...

CVSS 6.5, AI score 5.4, EPSS 0.00198
Exploits 0, References 1
NVD
added 2026/01/23 3:16 p.m., 3 views

CVE-2026-24576

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in COP UX Flat ux-flat allows Stored XSS. This issue affects UX Flat: from n/a through <= 5.4.0...

CVSS 6.5, EPSS 0.00198
Exploits 0, References 1