Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

19 matches found

RedhatCVE
RedhatCVEadded yesterday3 views

CVE-2026-42887

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting XSS vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges c...

4.5CVSS5.4AI score0.00032EPSS
Exploits0References1
NVD
NVDadded 2026/05/11 8:25 p.m.9 views

CVE-2026-42887

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting XSS vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges c...

4.5CVSS0.00032EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/11 7:55 p.m.28 views

CVE-2026-42887 Audiobookshelf: Stored Cross-Site Scripting in Login Page Custom Message

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting XSS vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges c...

4.5CVSS0.00032EPSS
Exploits0References1
CVE
CVEadded 2026/05/11 7:55 p.m.10 views

CVE-2026-42887

CVE-2026-42887 affects Audiobookshelf before version 2.33.0. The issue is a stored cross-site scripting (XSS) in the Login Page caused by improper sanitization of the authLoginCustomMessage field in the /api/auth-settings endpoint. An attacker with administrative privileges can inject arbitrary H...

4.5CVSS5.8AI score0.00032EPSS
Exploits0References1
EUVD
EUVDadded 2026/04/20 6:31 a.m.3 views

EUVD-2026-23760

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...

5.3CVSS5.3AI score0.00014EPSS
Exploits0References5
NVD
NVDadded 2026/04/20 4:16 a.m.1 views

CVE-2026-6598

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...

5.3CVSS0.00014EPSS
Exploits0References4
CVE
CVEadded 2026/04/20 2:45 a.m.10 views

CVE-2026-6598

CVE-2026-6598 affects langflow-ai langflow up to 1.8.3. The vulnerability lies in the function create_project/encrypt_auth_settings (src/backend/base/Langflow/api/v1/projects.py), where manipulation of the auth_settings argument can cause cleartext storage on disk. The issue can be triggered remo...

5.3CVSS5.3AI score0.00014EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/04/20 2:45 a.m.2 views

CVE-2026-6598

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...

5.3CVSS5.3AI score0.00014EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologiesadded 2026/04/20 12:0 a.m.4 views

PT-2026-33704

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function create project/encrypt auth settings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument auth...

5.3CVSS5.3AI score0.00014EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2026/01/09 10:56 a.m.1 views

CVE-2022-38814

A stored cross-site scripting XSS vulnerability in the authsettings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfgloid text field...

5.4CVSS5.1AI score0.00373EPSS
Exploits1References1
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2014-2987

Malware in sbrugna...

4.3CVSS6.4AI score0.00819EPSS
Exploits0References5
OSV
OSVadded 2022/09/15 8:15 p.m.0 views

CVE-2022-38814

A stored cross-site scripting XSS vulnerability in the authsettings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfgloid text field...

5.4CVSS5.9AI score0.00373EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2022/09/15 8:15 p.m.1 views

CVE-2022-38814

A stored cross-site scripting XSS vulnerability in the authsettings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfgloid text field...

5.4CVSS5.9AI score0.00373EPSS
Exploits1References2
Prion
Prionadded 2022/09/15 8:15 p.m.16 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in the authsettings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfgloid text field...

4.9CVSS5.2AI score0.00373EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologiesadded 2022/09/15 12:0 a.m.0 views

PT-2022-24581 · Fiberhome · Fiberhome An5506-02-B

Name of the Vulnerable Software and Affected Versions: FiberHome AN5506-02-B version vRP2521 Description: A stored cross-site scripting XSS issue in the auth settings component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfg loid text field...

5.4CVSS5.5AI score0.00373EPSS
Exploits1References4
Prion
Prionadded 2018/11/26 11:29 p.m.13 views

Command injection

System Command Injection in network.setauthsettings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters...

6.5CVSS7.4AI score0.09959EPSS
Exploits1References1Affected Software1
Prion
Prionadded 2014/07/03 2:55 p.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter...

4.3CVSS6.1AI score0.00819EPSS
Exploits0References4Affected Software1
CVE
CVEadded 2014/07/03 2:0 p.m.37 views

CVE-2014-2965

CVE-2014-2965 is a reflected XSS in SpamTitan’s management interface, affecting auth-settings-x.php prior to version 6.04. The vulnerability allows an attacker to inject arbitrary script via the sortdir parameter, executing in a user’s browser context. SpamTitan addressed this with a 6.04 patch; ...

4.3CVSS5.9AI score0.00819EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKBadded 2012/08/31 9:55 p.m.2 views

CVE-2011-5149

Multiple cross-site scripting XSS vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 testaddr or 2 testpass parameter to auth-settings.php; 3 hostname, 4 domainname, or 5 mailserver parameter to setup-relay.php; or 6 subnetmask or...

4.3CVSS5.4AI score0.03751EPSS
Exploits1References8
Rows per page
Query Builder