Lucene search
K

20 matches found

NVD
NVD
added 2026/03/04 11:16 p.m.12 views

CVE-2026-26002

Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible...

9.8CVSS0.00533EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/26 5:24 p.m.35 views

CVE-2026-1446 XSS issue is Esri ArcGIS Pro versions 3.6.0 and earlier

There is a Cross‑Site Scripting XSS issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop application, and exploitation is limited to local users interacting with the application; no privileged role or elevated permissions are required beyond standard local user access. A...

5CVSS0.0015EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/07 5:9 p.m.7 views

EUVD-2026-1405

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser. This issue has been patched in version 2.3.1.2...

5.5CVSS6.4AI score0.00155EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.3 views

ChurchCRM 跨站脚本漏洞

ChurchCRM is an open source church management system. ChurchCRM suffers from a cross-site scripting vulnerability that stems from insufficient cleanup and coding when storing user-entered HTML/JS, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a crafted...

6.2CVSS5.9AI score0.0017EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.6 views

LibreNMS 跨站脚本漏洞

LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. A cross-site scripting vulnerability exists in LibreNMS versions prior to 25.11.0, which...

6.2CVSS6AI score0.00221EPSS
Exploits0References2
NVD
NVD
added 2025/10/30 10:15 p.m.7 views

CVE-2016-15049

Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting XSS in the Dashboards section when rendering log entries in the Logs table. Untrusted log content was not safely encoded for the output context, allowing attacker-controlled data present in logs to execute script in...

5.4CVSS0.00466EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/08 12:0 a.m.5 views

Fides 安全漏洞

Fides is an open source privacy engineering platform open-sourced by Ethyca to manage the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in versions of Fides prior to 2.69.1 that stems from a...

6.5CVSS6.4AI score0.00277EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/18 12:0 a.m.6 views

JVN#46919949: PgManage vulnerable to injection

PgManage provided by Command Prompt, Inc. uses RestrictedPython module. The version of RestrictedPython module imported to PgManage contains vulnerabilities, which are inherited to PgManage CWE-477. Impact A user of the affected product may escape a sandbox and execute arbitrary code. Solution...

7.6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/02/14 12:0 a.m.7 views

PT-2025-7076

Name of the Vulnerable Software and Affected Versions: Label Studio versions prior to 1.16.0 Description: Label Studio's S3 storage integration feature contains a Server-Side Request Forgery SSRF vulnerability in its endpoint configuration. When creating an S3 storage connection, the application...

8.6CVSS6.1AI score0.00617EPSS
Exploits1References17
CNNVD
CNNVD
added 2025/01/07 12:0 a.m.3 views

WordPress plugin jQuery TwentyTwenty 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS7.7AI score0.0034EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/16 12:0 a.m.6 views

Ivanti Connect Secure Security Vulnerability

Ivanti Connect Secure is a secure remote network connection tool from Ivanti Corporation, USA. A security vulnerability exists in versions prior to Ivanti Connect Secure 22.6R2 that stems from the presence of a Denial of Service DoS vulnerability...

7.5CVSS6.8AI score0.02376EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/12/13 12:0 a.m.6 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.7AI score0.00562EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/11/24 12:0 a.m.6 views

CodeIgniter Shield Security Vulnerabilities

CodeIgniter Shield is the authentication and authorization module for CodeIgniter 4 from CodeIgniter, Inc. A security vulnerability exists in CodeIgniter Shield versions prior to 1.0.0-beta.8 that stems from the use of plaintext to store sensitive information in HMAC SHA256 authentication...

6.5CVSS6.7AI score0.00284EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/11 12:0 a.m.4 views

Intel Driver and Support Assistant Cross-Site Scripting Vulnerability

Intel Driver and Support Assistant is an Intel Driver and Support Assistant application from Intel Corporation USA. The program is mainly used to detect and install system driver updates. A security vulnerability exists in Intel Driver and Support Assistant versions prior to 23.1.9. An attacker c...

9.6CVSS6.8AI score0.00491EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/10/31 12:0 a.m.6 views

M-Files Hubshare 授权问题漏洞

M-Files Hubshare is a collaboration solution from M-Files, Inc. designed to seamlessly share files, documents and collaborative content. A security vulnerability exists in versions of M-Files Hubshare prior to 3.3.11.3, which stems from imperfect access control of its PDFtron data allowing an...

8.2CVSS7.3AI score0.00384EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/05/07 12:0 a.m.5 views

Singularity Image Format 安全特征问题漏洞

Singularity is an open source container management platform from the Singularity team Singularity. The software supports building applications on their desktops and running hundreds or thousands of instances on any public cloud or at the compute edge. A security vulnerability exists in versions...

7.5CVSS5.6AI score0.00958EPSS
Exploits1References1
CNVD
CNVD
added 2020/09/22 12:0 a.m.2 views

Gradle Enterprise Export API Authentication Vulnerability

Gradle is a set of JVM-based project build tools , it supports maven, Ivy repository and so on. A security vulnerability exists in Gradle Enterprise prior to version 2020.2.4. The vulnerability stemmed from an unrestricted cross-domain request for read-only data in the Export API. An attacker...

6.5CVSS6.7AI score0.00422EPSS
Exploits0References1
CNVD
CNVD
added 2018/04/02 12:0 a.m.5 views

MetaIO SDK for Android Arbitrary Code Execution Vulnerability

MetaIO SDK for Android is a software development kit for building augmented reality applications based on the Android platform. A security vulnerability exists in versions of MetaIO SDK for Android prior to 6.0.2.1. The vulnerability can be exploited to execute arbitrary code via the finalize...

9.8CVSS7.7AI score0.02052EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/10 12:0 a.m.5 views

MantisBT Cross-Site Scripting Vulnerability (CNVD-2017-28224)

MantisBT is a Web-based open source defect tracking system of the MantisBT team . The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in MantisBT versions prior to 1.2.19 and prior to 1.3.0-beta.2. A remote...

6.5CVSS6.4AI score0.02285EPSS
Exploits0References1
OwnCloud
OwnCloud
added 2012/12/20 5:4 p.m.69 views

XSS vulnerability in bookmarks - ownCloud

A cross-site scripting XSS vulnerability in ownCloud before 4.5.5 and 4.0.10 allow remote attackers to inject arbitrary web script or HTML via the PATH data to index.php in apps/bookmark/ Affected Software ownCloud Server 4.5.5 CVE-2013-5666 ownCloud Server 4.0.10 CVE-2013-5666 Action Taken It is...

4.7CVSS5.3AI score0.00306EPSS
Exploits0Affected Software1
Rows per page
Query Builder