Lucene search
+L

1501 matches found

Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.16 views

PT-2026-40818

Name of the Vulnerable Software and Affected Versions CVAT versions 2.5.0 through 2.63.0 Description An attacker with permissions to create or edit an annotation guide on a task can inject malicious JavaScript code. This code executes in the browser of any user who opens the affected guide,...

8.5CVSS5.9AI score0.00266EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/11 8:26 p.m.12 views

CVE-2021-47948

WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers can inject malicious HTML including image tags and scripts into the Help Text field during paymen...

5.4CVSS6AI score0.00169EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/10 3:31 p.m.36 views

EUVD-2021-34808

WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers can inject malicious HTML including image tags and scripts into the Help Text field during paymen...

5.4CVSS6AI score0.00169EPSS
Exploits0References4
CVE
CVE
added 2026/05/10 12:44 p.m.30 views

CVE-2021-47948

The CVE-2021-47948 entry concerns WordPress GetPaid Plugin 2.4.6 with an HTML-injection vulnerability. It allows authenticated attackers to inject arbitrary HTML via the Help Text field in payment forms, with the injected HTML stored in the database and executed in the browser when the form is vi...

5.4CVSS6AI score0.00169EPSS
Exploits0References3
OSV
OSV
added 2026/04/22 10:22 p.m.11 views

GHSA-FFQ5-QPVF-XQ7X OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender

Summary The Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when sending a command. This creates a self-XSS risk because an attacker can trigger their own script execution in the victim’s session, if...

4.6CVSS6.1AI score0.002EPSS
Exploits1References5
RubySec
RubySec
added 2026/04/22 12:0 a.m.10 views

OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender

Summary The Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when sending a command. This creates a self-XSS risk because an attacker can trigger their own script execution in the victim’s session, if...

4.6CVSS5.9AI score0.002EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/15 7:23 a.m.5 views

CVE-2026-27674

Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java Web Dynpro Java, an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, th...

6.1CVSS6.1AI score0.00192EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 4:19 a.m.3 views

CVE-2026-26291

Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability is exploited, an arbitrary script may be executed in a user's web browser...

5.4CVSS5.8AI score0.00183EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/04/14 12:16 a.m.5 views

CVE-2026-27683

SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script executes in the user�s browser, potentially exposing restricted information. This results in a low impact...

4.1CVSS0.00185EPSS
Exploits0References2
NVD
NVD
added 2026/04/14 12:16 a.m.4 views

CVE-2026-0512

Due to a Cross-Site Scripting XSS vulnerability in the SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow t...

6.1CVSS0.00226EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/14 12:8 a.m.16 views

EUVD-2026-22156

SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script executes in the user�s browser, potentially exposing restricted information. This results in a low impact...

4.1CVSS5.8AI score0.00185EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/14 12:6 a.m.1 views

CVE-2026-27674 Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java)

Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java Web Dynpro Java, an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, th...

6.1CVSS6.1AI score0.00192EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/14 12:6 a.m.29 views

CVE-2026-27674 Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java)

Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java Web Dynpro Java, an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, th...

6.1CVSS0.00192EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.5 views

PT-2026-32554

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server Java Web Dynpro Java affected versions not specified Description A code injection issue in the Web Dynpro Java component allows an unauthenticated attacker to provide crafted input that the application interpre...

6.4CVSS5.8AI score0.00192EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.5 views

PT-2026-32561

SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script executes in the user�s browser, potentially exposing restricted information. This results in a low impact...

4.1CVSS5.8AI score0.00185EPSS
Exploits0References3
OSV
OSV
added 2026/04/13 7:23 p.m.4 views

GHSA-9PR4-RF97-79QH Note Mark has Stored XSS via Unrestricted Asset Upload

Summary A stored same-origin XSS vulnerability allows any authenticated user to upload an HTML, SVG, or XHTML file as a note asset and have it executed in a victim’s browser under the application’s origin. Because the application serves these files inline without a safe content type and without...

8.7CVSS5.8AI score0.00309EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/13 2:27 a.m.2 views

CVE-2026-6179 Stored Cross Site Scripting in NightWolf Penetration Testing Platform

Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run malicious script in user's browser...

6.3CVSS5.8AI score0.00173EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/13 2:27 a.m.3 views

CVE-2026-6179

Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run malicious script in user's browser...

6.3CVSS5.8AI score0.00173EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/13 2:27 a.m.14 views

CVE-2026-6179

CVE-2026-6179 concerns a stored cross-site scripting (XSS) vulnerability in NightWolf Penetration Testing Platform. The affected entry states that an attacker can trigger and run malicious script in a user’s browser due to a stored XSS flaw, enabling impact on user-side confidentiality and integr...

6.3CVSS5.8AI score0.00173EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.7 views

Totara LMS 安全漏洞

Totara LMS is an learning management system provided by the Totara company. Versions of Totara LMS prior to v19.1.5 contained security vulnerabilities. These vulnerabilities were caused by HTML injection, which could allow attackers to send malicious HTML code to all users, thereby hijacking...

8CVSS5.9AI score0.00302EPSS
Exploits0References3
Rows per page
Query Builder