
362469 matches found

ATTACKERKB
added 2026/06/08 7:3 p.m. | 6 views

CVE-2026-47344

When ALLOWINSECURERAWTEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

CVSS 2.1 | AI score 5.2 | EPSS 0.00282
Exploits 0 | References 3

OSV
added 2026/05/13 11:8 a.m. | 12 views

CLSA-2026-1778670534 php: Fix of CVE-2026-6735

CVE-2026-6735: HTML-encode proc.requesturi and tighten querystring entity flags in sapi/fpm/fpm/fpmstatus.c to fix XSS in PHP-FPM status endpoint...

CVSS 8.8 | AI score 5.8 | EPSS 0.0021
Exploits 1 | References 1

OSV
added 2026/04/17 1:3 p.m. | 11 views

OESA-2026-1977 golang security update

Security Fixes: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs (CVE-2026-25679). Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the valu...

CVSS 7.5 | AI score 7.2 | EPSS 0.00728
Exploits 0 | References 3

OSV
added 2026/03/24 12:16 a.m. | 7 views

UBUNTU-CVE-2026-33170

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...

CVSS 6.1 | AI score 5.8 | EPSS 0.00327
Exploits 0 | References 9

CVE
added 2026/03/06 9:28 p.m. | 82 views

CVE-2026-27142

CVE-2026-27142 is disclosed as an issue where URLs inserted into the content attribute of HTML meta tags were not escaped, potentially enabling XSS when the meta tag has http-equiv="refresh". Public advisories (ALAS2-2026-3310, ALAS2-2026-3313, ALAS2-2026-3311, ALAS2023-2026-1771, etc.) link this...

CVSS 6.1 | AI score 5.7 | EPSS 0.00328
Exploits 0 | References 4 | Affected Software 1

CVE
added 2025/12/18 1:14 p.m. | 12 views

CVE-2025-40891

The CVE-2025-40891 issue affects Nozomi Networks Guardian/CMC Time Machine Snapshot Diff functionality. An unauthenticated attacker can send crafted network packets at two different times to inject HTML into asset attributes across two snapshots. When a user interacts with the affected snapshots ...

CVSS 4.7 | AI score 6.1 | EPSS 0.00143
Exploits 0 | References 2 | Affected Software 2

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2021-1222

Malware in sbrugna...

CVSS 6.1 | AI score 6.1 | EPSS 0.01245
Exploits 0 | References 7

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2017-0312

Malware in sbrugna...

CVSS 4.3 | AI score 7.3 | EPSS 0.01962
Exploits 0 | References 15

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-38613

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.01192
Exploits 1 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-15853

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 7.9 | EPSS 0.00545
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 16 views

EUVD-2022-1356

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.9 | EPSS 0.01157
Exploits 0 | References 3

RedhatCVE
added 2025/05/23 4:45 a.m. | 5 views

CVE-2023-22461

The sanitize-svg package, a small SVG sanitizer to prevent cross-site scripting attacks, uses a deny-list-pattern to sanitize SVGs to prevent XSS. In doing so, literal...

CVSS 7.6 | AI score 6.1 | EPSS 0.00571
Exploits 1 | References 1

RedhatCVE
added 2025/05/23 12:36 a.m. | 15 views

CVE-2022-4898

In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different approach was take...

CVSS 5.4 | AI score 6.3 | EPSS 0.00389
Exploits 0 | References 1

Openbugbounty
added 2025/04/24 12:56 p.m. | 16 views

carnicasmulas.com Cross Site Scripting vulnerability OBB-4049104

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0

Openbugbounty
added 2025/04/24 9:3 a.m. | 18 views

medicine.karazin.ua Cross Site Scripting vulnerability OBB-4049079

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0

Openbugbounty
added 2025/04/23 4:11 p.m. | 17 views

manuall.cz Cross Site Scripting vulnerability OBB-4048836

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0

Openbugbounty
added 2025/04/21 6:9 a.m. | 17 views

krucemburk.shm.cz Cross Site Scripting vulnerability OBB-4047889

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0

Openbugbounty
added 2025/04/21 2:55 a.m. | 15 views

keyw.com Cross Site Scripting vulnerability OBB-4047760

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0

Openbugbounty
added 2025/04/11 11:34 a.m. | 11 views

freebirdnutrition.ca Cross Site Scripting vulnerability OBB-4043643

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0

Openbugbounty
added 2025/04/11 10:45 a.m. | 11 views

forum56.com Cross Site Scripting vulnerability OBB-4043620

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0