Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

CVE
CVEadded 2026/05/29 10:41 a.m.15 views

CVE-2026-9811

CVE-2026-9811 is a stored XSS vulnerability in Mautic 7, specifically in the project selector component. The issue arises when rendering AJAX-returned project names into DOM option fields without proper sanitization; an authenticated user with project creation rights can inject malicious script v...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.11 views

PT-2026-44823

A stored Cross-Site Scripting XSS vulnerability exists in the project selector component of Mautic 7. When rendering selection menus for associating projects with system entities, the application fails to sanitize project names returned via AJAX before injecting them into the DOM as option fields...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/03/10 7:59 p.m.2 views

CVE-2026-29176

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an...

4.8CVSS6AI score0.00234EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blogadded 2026/03/10 6:23 p.m.3 views

Craft Commerce has stored XSS in Inventory Location Name

Summary A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an administrator or user with product editing permissions creates or...

4.8CVSS6AI score0.00234EPSS
Exploits0References4Affected Software1
EUVD
EUVDadded 2025/10/03 8:7 p.m.5 views

EUVD-2025-30476

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00236EPSS
Exploits1References3
OSV
OSVadded 2025/09/22 9:15 p.m.0 views

CVE-2025-57205

iNiLabs School Express SMS Express 6.2 is affected by a Stored Cross-Site Scripting XSS vulnerability in the content-management features available to authenticated admin users. The vulnerability resides in POSTed editor parameters submitted to the /posts/edit/id endpoint and similarly in Notice a...

5.4CVSS6.1AI score0.00236EPSS
Exploits1References2
Cvelist
Cvelistadded 2025/09/22 12:0 a.m.11 views

CVE-2025-57205

iNiLabs School Express SMS Express 6.2 is affected by a Stored Cross-Site Scripting XSS vulnerability in the content-management features available to authenticated admin users. The vulnerability resides in POSTed editor parameters submitted to the /posts/edit/id endpoint and similarly in Notice a...

0.00236EPSS
Exploits1References2
OSV
OSVadded 2025/08/22 4:50 p.m.5 views

GHSA-74RG-6F92-G6WX UnoPim has CSV Injection on Quick Export feature

Summary Description: CSV Injection or Formula Injection is a security vulnerability that occurs when malicious content is inserted into a CSV Comma-Separated Values file, which is then opened in a spreadsheet application like Microsoft Excel. This attack exploits the way spreadsheet software...

5.5CVSS8AI score0.00576EPSS
Exploits1References6
Rows per page
Query Builder