Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

461 matches found

Nuclei
Nucleiadded 14 hours ago13 views

WordPress Varnish/Nginx Proxy Caching <= 1.8.3 - Information Exposure

Razvan Stanga Varnish/Nginx Proxy Caching = 1.8.3 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve sensitive information, exploit requires crafted requests. id: CVE-2025-62126 info: name:...

5.3CVSS5.8AI score0.0087EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/28 8:44 a.m.6 views

Malicious code in nemo-reporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 42a43ec0a345170ad191fa1c25bdd4000595aa8ce733c6b9c69de6b65a1defb2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSVadded 2026/05/28 8:44 a.m.2 views

MAL-2026-4836 Malicious code in nemo-reporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 42a43ec0a345170ad191fa1c25bdd4000595aa8ce733c6b9c69de6b65a1defb2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/27 8:13 p.m.4 views

CVE-2026-44668

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

9.8CVSS5.8AI score0.00179EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/27 8:13 p.m.5 views

CVE-2026-44667

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

8.7CVSS5.8AI score0.00033EPSS
Exploits0References1
NVD
NVDadded 2026/05/26 6:16 p.m.8 views

CVE-2026-44667

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

8.7CVSS0.00033EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/26 5:43 p.m.5 views

EUVD-2026-31944

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

9.8CVSS5.8AI score0.00179EPSS
Exploits0References2
CVE
CVEadded 2026/05/26 5:43 p.m.9 views

CVE-2026-44668

CVE-2026-44668 affects FACTION, a PenTesting Report Generation and Collaboration Framework. Prior to version 1.8.3, the authentication gate for all Struts2 actions is implemented by AccessControlInterceptor and unconditionally calls invocation.invoke() without validating a session. Four methods i...

9.8CVSS5.8AI score0.00179EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/26 5:43 p.m.3 views

CVE-2026-44668 Faction: Unauthenticated Read, Modify, and Delete of Boilerplate Templates

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

9.8CVSS5.8AI score0.00179EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/26 5:43 p.m.23 views

CVE-2026-44668 Faction: Unauthenticated Read, Modify, and Delete of Boilerplate Templates

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

9.8CVSS0.00179EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/26 5:43 p.m.6 views

EUVD-2026-31943

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

8.7CVSS5.8AI score0.00033EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/26 5:43 p.m.5 views

CVE-2026-44669

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

8.7CVSS5.8AI score0.00033EPSS
Exploits0References3Affected Software1
CVE
CVEadded 2026/05/26 5:43 p.m.12 views

CVE-2026-44669

CVE-2026-44669 affects FACTION, a PenTesting Report Generation and Collaboration Framework. Before version 1.8.3, it is vulnerable to stored XSS in attachment filenames used in the assessment file preview flow. User-supplied filename values are persisted server-side and later rendered into HTML/a...

8.7CVSS5.8AI score0.00033EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/26 5:42 p.m.5 views

EUVD-2026-31942

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

8.7CVSS5.8AI score0.00033EPSS
Exploits0References2
CVE
CVEadded 2026/05/26 5:42 p.m.8 views

CVE-2026-44667

FACTION is a PenTesting Report Generation and Collaboration Framework. A stored XSS flaw exists prior to version 1.8.3 where user-supplied attachment filename values are persisted and rendered into HTML and attribute contexts without output encoding in remediation verification/file preview flows....

8.7CVSS5.8AI score0.00033EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/26 5:42 p.m.4 views

CVE-2026-44667 Faction: Stored XSS in Remediation Verification Attachment Filename Preview Rendering

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

8.7CVSS5.8AI score0.00033EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/05/26 12:0 a.m.5 views

PT-2026-43347

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

8.7CVSS5.8AI score0.00033EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/26 12:0 a.m.7 views

PT-2026-43346

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

9.8CVSS5.8AI score0.00179EPSS
Exploits0References4
CNNVD
CNNVDadded 2026/05/26 12:0 a.m.5 views

Faction 跨站脚本漏洞

Faction is an open-source collaborative framework for generating and evaluating penetration reports developed by Faction Security. Versions of Faction prior to 1.8.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of output encoding for attachment file nam...

8.7CVSS5.7AI score0.00033EPSS
Exploits0References3
CNNVD
CNNVDadded 2026/05/26 12:0 a.m.5 views

Faction 安全漏洞

Faction is an open-source report generation and evaluation framework developed by Faction Security. Versions of Faction prior to 1.8.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of output encoding for attachment file names during the evaluation file preview...

8.7CVSS5.7AI score0.00033EPSS
Exploits0References2
Rows per page
Query Builder