Lucene search
K

15 matches found

NVD
NVD
added 2026/06/15 6:16 p.m.13 views

CVE-2026-49294

Valhalla is an open source routing engine and accompanying libraries for use with OpenStreetMap data. Versions 3.6.3 and prior are vulnerable to reflected cross-site scripting XSS due to improper neutralization of input in the JSONP callback parameter. When a request specifies a JSONP callback, t...

6.1CVSS0.00149EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 4:28 p.m.10 views

CVE-2026-49294

Valhalla (open source routing engine) versions ≤ 3.6.3 are affected by a reflected XSS in the JSONP callback parameter. The input is reflected into the JavaScript response without validation or encoding, enabling an attacker to craft a URL whose callback contains arbitrary JavaScript. If a victim...

6.1CVSS5.1AI score0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 4:28 p.m.30 views

CVE-2026-49294 Valhalla has reflected XSS via unsanitized JSONP callback parameter

Valhalla is an open source routing engine and accompanying libraries for use with OpenStreetMap data. Versions 3.6.3 and prior are vulnerable to reflected cross-site scripting XSS due to improper neutralization of input in the JSONP callback parameter. When a request specifies a JSONP callback, t...

6.1CVSS0.00149EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 4:28 p.m.6 views

EUVD-2026-36741

Valhalla is an open source routing engine and accompanying libraries for use with OpenStreetMap data. Versions 3.6.3 and prior are vulnerable to reflected cross-site scripting XSS due to improper neutralization of input in the JSONP callback parameter. When a request specifies a JSONP callback, t...

6.1CVSS5.1AI score0.00149EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49261

Name of the Vulnerable Software and Affected Versions Valhalla versions prior to 3.6.4 Description Reflected cross-site scripting XSS occurs due to improper neutralization of input in the JSONP callback parameter. When a request specifies a JSONP callback, the value is reflected directly into the...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References3
Spring Security Advisories
Spring Security Advisories
added 2025/09/09 12:0 a.m.6 views

This Week in Spring - September 9th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! I am home, ensconced in my studio here in somewhat sunny San Francisco, California, relaxing and trying to catch up on stuff I missed. As always, there's a ton! So let's dive right into it. Some of the amazing features that...

6.8AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2024/09/03 12:0 a.m.8 views

This Week in Spring - September 3rd, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's September 3rd, and I'm still buzzing from the last week's SpringOne extravaganza! Also: I'm tired. Last week was nuts. I'm super glad it happened, but I'm tired. And also buzzing. You know? Surely you don't. I hope not...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/05/05 12:0 a.m.14 views

Fedora 40 : clamav (2024-34474f346b)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-34474f346b advisory. ClamAV 1.0.6 is a critical patch release with the following fixes: Updated select Rust dependencies to the latest versions. This resolved Cargo audit...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/05/05 12:0 a.m.9 views

Fedora 38 : clamav (2024-92b8ac25a5)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-92b8ac25a5 advisory. ClamAV 1.0.6 is a critical patch release with the following fixes: Updated select Rust dependencies to the latest versions. This resolved Cargo audit...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/05/04 12:0 a.m.22 views

Fedora 39 : clamav (2024-1a79c2ef63)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-1a79c2ef63 advisory. ClamAV 1.0.6 is a critical patch release with the following fixes: Updated select Rust dependencies to the latest versions. This resolved Cargo audit...

5.8AI score
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2023/04/06 12:0 a.m.22 views

A Bootiful Podcast: José Paumard, Java Champion alumnus and Java legend, on Project Loom, Valhalla, and more, from Devnexus 2023!

Hi, Spring fans! Welcome to another installment of A Bootiful Podcast. In this installment I'll talk to legendary Oracle Java Champion alumnus, Java advocate, professor emeritus, and all around amiable fellow José Paumard, recorded at the amazing Devnexus 2023 event! José's English-language Youtu...

6.5AI score
Exploits0
HackRead
HackRead
added 2019/05/09 12:51 a.m.93 views

DeepDotWeb, Wall St and Valhalla markets seized by authorities

By Uzair Amir Arrests have been made in Israel, Europe, Brazil, and the United States. The popular dark web news and index website DeepDotWeb DDW has been seized by the Federal Bureau of Investigation FBI. Those visiting the website can see a message left by the FBI on its homepage stating that...

1.2AI score
Exploits0
The Hacker News
The Hacker News
added 2019/05/03 7:22 p.m.1 views

Europol Shuts Down Two Major Illegal 'Dark Web' Trading Platforms

Europol announced the shut down of two prolific dark web marketplaces—Wall Street Market and Silkkitie also known as Valhalla—in simultaneous global operations against underground websites for trading drugs, stolen credit card numbers, malicious software, and other illegal goods. Police in wester...

6.6AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/06/11 4:35 a.m.17 views

valhallaschools.org XSS vulnerability

Vulnerable URL: http://valhallaschools.org/apps/search/index.jsp Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1015510 VIP website status:| No Coordinated Disclosure Timeline:...

6.3AI score
Exploits0
hackapp
hackapp
added 2016/04/01 9:50 a.m.6 views

Valhalla Lost - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Valhalla Lost published at the 'play' market has multiple vulnerabilities...

0.8AI score
Exploits0References1Affected Software1
Rows per page
Query Builder