Lucene search
+L

4699 matches found

Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-51051

Name of the Vulnerable Software and Affected Versions Symfony UX LiveComponent versions prior to 2.x Symfony UX LiveComponent versions prior to 3.x Description The createHtml function in SymfonyUXLiveComponentUtilChildComponentPartialRenderer interpolates the $childTag variable directly into the...

5.1CVSS6AI score0.00315EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-51050

Name of the Vulnerable Software and Affected Versions Symfony UX Live Component versions prior to 2.x Symfony UX Live Component versions prior to 3.x Description The BatchActionController:: invoke function iterates over a client-supplied actions array and issues a full HttpKernel sub-request for...

5.3CVSS5.9AI score0.00268EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-51123

Name of the Vulnerable Software and Affected Versions Symfony UX versions 2.32.0 through 2.36.0 Symfony UX versions 3.0.0 through 3.1.9 Description The ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map. Due to improper validation in...

7.8CVSS6.1AI score0.00146EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.22 views

PT-2026-51055

Name of the Vulnerable Software and Affected Versions symfony/ux-autocomplete versions prior to 2.x symfony/ux-autocomplete versions prior to 3.x Description The Stimulus controller in the software renders AJAX response items into a dropdown by interpolating the text field directly into HTML...

5.1CVSS5.9AI score0.00315EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/09 6:30 p.m.12 views

EUVD-2026-35685

Out-of-bounds read in Microsoft UxTheme Library uxtheme.dll allows an authorized attacker to deny service locally...

5.5CVSS5.4AI score0.00383EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-47995

Out-of-bounds read in Microsoft UxTheme Library uxtheme.dll allows an authorized attacker to deny service locally...

5.5CVSS5.4AI score0.00383EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 10:41 a.m.6 views

Improper Verification of Cryptographic Signature

Overview symfony/ux-live-component is a Live components for Symfony Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via insufficient context binding in HMAC protection for Live Component properties. An attacker can modify read-only properties o...

9.1CVSS5.4AI score0.0018EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 10:41 a.m.6 views

Cross-site Request Forgery (CSRF)

Overview symfony/ux-live-component is a Live components for Symfony Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via insufficient CSRF protection for LiveAction methods in symfony/ux-live-component. An attacker can invoke server-side actions on behalf of an...

3.4CVSS5.4AI score0.00179EPSS
Exploits0References2
Friends Of PHP
Friends Of PHP
added 2026/05/29 8:0 a.m.21 views

symfony/ux-autocomplete XSS via unescaped AJAX response data

Description The Stimulus controller shipped with symfony/ux-autocomplete renders AJAX response items into the dropdown by interpolating the text field directly into HTML template literals $itemlabelField inside createAutocompleteWithRemoteData. The value is parsed as HTML rather than text, so any...

5.1CVSS5.8AI score0.00315EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/05/29 8:0 a.m.19 views

symfony/ux-live-component Denial of service via unbounded batch action requests

Description Symfony\UX\LiveComponent\Controller\BatchActionController::invoke iterates over the client-supplied actions array and issues a full HttpKernel sub-request for each entry event subscribers, validators, Doctrine, rendering. The array size is never bounded, so an authenticated client can...

5.3CVSS5.8AI score0.00268EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/05/27 2:34 a.m.118 views

CVE-2026-48961 IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...

0.00262EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in OpenCV

A out-of-bounds read was discovered in OpenCV prior to version 4.1.1. Specifically, the variable coarsestscale is assumed to be greater than or equal to finestscale within the calc/oclcalc functions in disflow.cpp. However, this assumption is incorrect when dealing with small images, resulting in...

6.5CVSS6.1AI score0.01742EPSS
Exploits1References2
CVE
CVE
added 2026/05/14 7:52 p.m.20 views

CVE-2026-8539

CVE-2026-8539 describes a script injection (UXSS) in Chrome on Android via the SanitizerAPI, exploitable through a crafted HTML page. Affected software: Google Chrome for Android (Chromium-based). Vulnerable component: SanitizerAPI. Root cause: insufficient input handling in SanitizerAPI leading ...

5.4CVSS6AI score0.00159EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.11 views

UI UX Pro Max 注入漏洞

UI UX Pro Max is Next Level Builder open source a cross-platform UI/UX intelligent design system generation tool. UI UX Pro Max 2.5.0 and earlier versions of the injection vulnerability , the vulnerability stems from the Tailwind Config Generator component in the...

6.5CVSS6.7AI score0.00242EPSS
Exploits0References2
Fedora
Fedora
added 2026/04/16 11:42 p.m.13 views

[SECURITY] Fedora 44 Update: kf6-kirigami-6.25.0-1.fc44

QtQuick plugins to build user interfaces based on the KDE UX guidelines...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/01 11:1 p.m.5 views

CVE-2026-32607

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, when the hidden prioritizefullnameinux site setting is enabled defaults to false, requires console access to change, user...

5.4CVSS5.8AI score0.00167EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.8 views

Discourse 跨站脚本漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a cross-site scripting vulnerability that stems from the user and group display names not being HTML escaped in...

5.4CVSS5.7AI score0.00167EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/13 9:31 p.m.9 views

EUVD-2026-11788

Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flatsome: from n/a through = 3.19.6...

5.3CVSS5.8AI score0.00242EPSS
Exploits0References2
OSV
OSV
added 2026/02/26 9:20 p.m.7 views

CVE-2026-27154 Discourse has XSS when editing a malicious post

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, a user full name can be evaluated as raw HTML when the following settings are set: displaynameonposts = true; and prioritizeusernameinux = false. Editing a post of a malicious user would trigger ...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References3
NVD
NVD
added 2026/02/26 9:16 a.m.8 views

CVE-2026-28083

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UX-themes Flatsome flatsome allows Stored XSS.This issue affects Flatsome: from n/a through = 3.20.5...

6.5CVSS0.0013EPSS
Exploits0References1
Rows per page
Query Builder