|Max CVSS||7.5||Min CVSS||2.6||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may ex
|25-07-2022 - 18:15||29-04-2020 - 21:15|
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by defa
|25-07-2022 - 18:15||20-08-2019 - 21:15|
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob
|25-07-2022 - 18:15||29-04-2020 - 22:15|
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
|07-06-2022 - 18:40||15-10-2019 - 14:15|
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
|16-05-2022 - 19:52||20-02-2019 - 16:29|
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
|25-04-2022 - 18:43||26-07-2019 - 19:15|
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
|22-04-2022 - 19:02||11-03-2020 - 23:15|
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.
|06-04-2022 - 17:54||25-09-2019 - 23:15|
||01-10-2020 - 00:15||29-04-2020 - 21:15|
||25-09-2020 - 20:15||29-04-2020 - 22:15|
An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser,
|04-09-2020 - 14:57||24-08-2020 - 17:15|
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML p
|23-03-2020 - 16:44||19-03-2020 - 14:15|