Lucene search
K

733 matches found

Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.5 views

PT-2026-34520

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.10 through 18.10.3 GitLab CE/EE versions 18.11 through 18.11.0 Description An issue exists where improper path validation under certain conditions could allow an unauthenticated user to execute arbitrary JavaScript in ...

8.1CVSS5.6AI score0.00407EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/14 3:5 a.m.9 views

CVE-2026-40289 PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge praisonai browser start is vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on its /ws WebSocket...

9.1CVSS5.8AI score0.00356EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 3:5 a.m.2 views

CVE-2026-40289

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge praisonai browser start is vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on its /ws WebSocket...

9.1CVSS5.8AI score0.00356EPSS
Exploits1References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.8 views

PT-2026-32594

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.139 praisonaiagents versions prior to 1.5.140 Description The browser bridge is susceptible to unauthenticated remote session hijacking. This occurs due to a lack of authentication and a bypassable origin check ...

9.1CVSS5.8AI score0.00356EPSS
Exploits1References17
EUVD
EUVD
added 2026/04/01 9:30 p.m.4 views

EUVD-2026-18067

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows certificate listings retrieved via a browser session to return a...

5.4CVSS5.7AI score0.00092EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 11:3 p.m.4 views

CVE-2026-33912

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could craft a malicious form that, when submitted by a victim, executes arbitrary JavaScript in the victim's browser session. Version 8.0.0....

5.4CVSS5.9AI score0.00219EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/16 3:30 p.m.4 views

EUVD-2016-10809

ZKTeco ZKBioSecurity 3.0 contains multiple reflected cross-site scripting vulnerabilities that allow attackers to execute arbitrary HTML and script code by injecting malicious payloads through unsanitized parameters in multiple scripts. Attackers can craft malicious URLs with XSS payloads in...

6.1CVSS5.9AI score0.00248EPSS
Exploits1References6
EUVD
EUVD
added 2026/03/16 3:30 p.m.6 views

EUVD-2015-9409

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads...

6.1CVSS6AI score0.00274EPSS
Exploits1References4
OSV
OSV
added 2026/03/05 8:43 p.m.6 views

GHSA-HCFF-QV74-7HR4 Gokapi has CSRF in Login Endpoint

Summary The login flow accepts credential-bearing requests without CSRF protection mechanisms tied to the browser session context. The handler parses form values directly and creates a session on successful credential validation. Issue found by aisafe.io Impact An attacker can force a victim...

4.6CVSS5.9AI score0.00076EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/19 12:2 p.m.5 views

CVE-2019-25425

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the VIRUSADMIN parameter. Attackers can send POST requests to the smtpconfig endpoint with script payloads to execute arbitrary...

6.1CVSS5.6AI score0.00344EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/02/03 8:37 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the SVG file upload process. An attacker can execute arbitrary scripts in the context of a user's browser session by uploading a specially crafted SVG file. Details Cross-site scripting or XSS is a code...

6.1CVSS5.6AI score0.00251EPSS
Exploits1References3
OSV
OSV
added 2026/01/12 10:14 p.m.5 views

CVE-2026-22804 Termix has a Stored XSS in File Manager leading to Local File Inclusion (LFI) in Electron and Session Hijacking in Browser

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting XSS vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. Thi...

8CVSS5.4AI score0.00172EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/01/09 10:40 a.m.8 views

CVE-2022-35224

SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a...

6.1CVSS6AI score0.00664EPSS
Exploits0References1
CVE
CVE
added 2026/01/07 11:11 p.m.12 views

CVE-2019-25284

CVE-2019-25284 concerns the V-SOL GPON/EPON OLT Platform. Connected sources confirm multiple reflected cross-site scripting vulnerabilities caused by improper input sanitization in various script parameters. The issues affect V-SOL GPON/EPON OLT Platform version 2.03 (and related entries citing 2...

6.1CVSS6.4AI score0.0023EPSS
Exploits1References5
The Hacker News
The Hacker News
added 2025/12/09 8:7 a.m.12 views

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code VS Code Marketplace that are designed to infect developer machines with stealer malware. The VS Code extensions masquerade as a premium dark theme and an artificial intelligence AI-powered coding assistan...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/10/14 7:42 a.m.7 views

CVE-2025-10557

A stored Cross-site Scripting XSS vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

8.7CVSS6.5AI score0.00188EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/13 9:30 a.m.7 views

EUVD-2025-34047

A stored Cross-site Scripting XSS vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

8.7CVSS6AI score0.00188EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/13 12:0 a.m.7 views

PT-2025-41768

Name of the Vulnerable Software and Affected Versions 3DSearch on 3DSwymer versions prior to 3DEXPERIENCE R2025x Description A stored Cross-site Scripting XSS issue exists in 3DSearch within 3DSwymer. This allows an attacker to execute arbitrary script code within a user’s browser session...

8.7CVSS6.4AI score0.0019EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-26896

Malware in sbrugna...

5.4CVSS5.6AI score0.00622EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-9986

Malware in sbrugna...

6.1CVSS6.3AI score0.00854EPSS
Exploits0References3
Rows per page
Query Builder