Lucene search
K

1117044 matches found

CVE
CVE
added 2 hours ago6 views

CVE-2026-12731

The CVE-2026-12731 entry concerns the weDocs WordPress plugin (Docs, Documentation, Wiki & AI Chatbot). Affected: all versions up to 2.3.0. Issue: Stored Cross-Site Scripting via the Block Attributes sectionTitleTag and articleTitleTag, caused by insufficient input sanitization and output escapin...

6.4CVSS5.9AI score
Exploits0References5
CVE
CVE
added 2 hours ago7 views

CVE-2026-12734

The weDocs WordPress plugin (Authenticated access level: Contributor+) is vulnerable to Stored XSS via the connectorWidth Block Attribute in all versions up to and including 2.3.0. The root cause is insufficient input sanitization and output escaping. Impact: injected scripts can execute when use...

6.4CVSS5.9AI score
Exploits0References4
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-41466

The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks...

5.4CVSS5.6AI score
Exploits0References4
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-41449

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS ConnectWise Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13937. This issue affects Firewar...

6.1CVSS5.7AI score0.00151EPSS
Exploits0References2
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-41448

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS Tigerpaw Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13936. This issue affects Fireware O...

6.1CVSS5.7AI score0.00151EPSS
Exploits0References2
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-41452

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS SIP Proxy module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-6947. This issue affects Fireware OS 12.0 up to and...

4.8CVSS5.7AI score0.00341EPSS
Exploits0References2
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-41450

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS Autotask Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13938. This issue affects Fireware O...

6.1CVSS5.7AI score0.00151EPSS
Exploits0References2
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-41451

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS spamBlocker module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-1071. This issue affects Fireware OS 12.0 up to and...

4.8CVSS5.7AI score0.00225EPSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-54477

CVE-2026-54477 affects the Gardyn IoT Hub admin panel, where the absence of standard security headers allows clickjacking and cross-site scripting. The available data show an impact with low confidentiality and integrity impact (CVSS scores: 5.1/4.0 base metrics, MEDIUM), but no explicit details ...

5.4CVSS5.6AI score
Exploits0References3
CVE
CVE
added yesterday7 views

CVE-2026-13377

WatchGuard Fireware OS SIP Proxy module is affected by a Stored XSS via improper input neutralization during web page generation. The vulnerability affects Fireware OS versions 12.0–12.12, 12.5–12.5.18, and 2025.1–2026.2. Root cause: improper sanitization in the SIP Proxy configuration web interf...

4.8CVSS5.7AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-13375

WatchGuard Fireware OS Autotask Technology Integration module is affected by CVE-2026-13375, a Stored XSS vulnerability. Affected versions are Fireware OS 12.4–12.12, 12.5–12.5.18, and 2025.1–2026.2. Attack vector is NETWORK with low attack complexity and high privileges required; user interactio...

4.8CVSS5.7AI score
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-13374

CVE-2026-13374 is a stored XSS vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module). It affects Fireware OS versions 12.4–12.12, 12.5–12.5.18, and 2025.1–2026.2. The issue stems from improper neutralization of input during web page generation, allowing stored cross-...

4.8CVSS5.7AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-13373

WatchGuard Fireware OS Tigerpaw Technology Integration module is affected by CVE-2026-13373, exposing a Stored Cross-Site Scripting (XSS) vulnerability. The issue arises from improper neutralization of input during web page generation, enabling stored XSS in affected Fireware versions: 12.4–12.12...

4.8CVSS5.7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-54265

A flaw was found in Angular's @angular/compiler package. When a native DOM property requiring sanitization is bound using two-way binding syntax, the template compiler fails to apply the appropriate sanitizer. An attacker who controls the bound value can bypass Angular's built-in sanitization,...

6.1CVSS5.5AI score0.00195EPSS
Exploits0References6
EUVD
EUVD
added yesterday14 views

EUVD-2026-33280

Mautic has Stored Cross-Site Scripting XSS in Project Option Selector...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-41433

Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULTSHOWFULLNAME option is enabled,...

5.4CVSS6AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-59102

Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULTSHOWFULLNAME option is enabled,...

5.4CVSS6AI score
Exploits0References5
NVD
NVD
added yesterday6 views

CVE-2026-8699

A stored Cross-Site Scripting XSS vulnerability has been identified in the web-based management interface of Archer C5 v6.8 routers, due to insufficient server-side validation and lack of proper output encoding of user-controlled input in a certain field. An attacker with administrative privilege...

7CVSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-8699

CVE-2026-8699 reports a stored Cross-Site Scripting (XSS) vulnerability in the Archer C5 web-based management interface (v6.8). Root cause: insufficient server-side validation and lack of proper output encoding for a specific input field, allowing an admin-level attacker to inject crafted HTML/JS...

7CVSS6AI score
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-41407

A stored Cross-Site Scripting XSS vulnerability has been identified in the web-based management interface of Archer C5 v6.8 routers, due to insufficient server-side validation and lack of proper output encoding of user-controlled input in a certain field. An attacker with administrative privilege...

7CVSS6AI score
Exploits0References1
Rows per page
Query Builder