5 matches found
CVE-2026-42524
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
JEESNS Cross-Site Scripting Vulnerability
JEESNS is an enterprise-level open source social management system building platform based on Java and MySQL, which includes microblogging module, group module and article module. JEESNS 1.3 version of the com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java file cross-site scripting...
CVE-2018-10119
sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service use-after-free with write access or possibly have unspecified other impact via a crafted...
openstack-nova: Sensitive information included in legacy notification exception contexts
An information exposure issue was discovered in OpenStack Compute's exceptionwrapper.py. Legacy notification exception contexts appearing in ERROR-level logs could include sensitive information such as account passwords and authorization tokens...
Dulwich buffer overflow vulnerability
Dulwich is a Python implementation of the file format and protocols of the Git version control system developed by software developer Jelmer Vernooij. A buffer overflow vulnerability exists in the C implementation of the 'applydelta' function in the pack.c file in versions of Dulwich prior to...