Lucene search
K

1187051 matches found

CVE
CVE
added yesterday14 views

CVE-2026-54458

CVE-2026-54458 (AVideo YPTSocket XSS) affects WWBN’s AVideo with the YPTSocket plugin (versions prior to 29.0). The vulnerability is an unauthenticated stored DOM XSS: getWebSocket.json.php issues a signed WebSocket token; MessageSQLiteV2::onOpen reads webSocketSelfURI and page_title from the Web...

9.6CVSS6.3AI score
Exploits0References2
CVE
CVE
added yesterday19 views

CVE-2026-50183

CVE-2026-50183 refers to a stored XSS in WWBN/AVideo via the YouTubeAPI plugin (versions 29.0 and below). The vulnerability occurs because the plugin renders YouTube data API field snippet.title into the homepage gallery without HTML encoding, allowing an attacker who controls a YouTube video mat...

4.7CVSS6AI score0.00031EPSS
Exploits0References2
CVE
CVE
added yesterday17 views

CVE-2026-50182

Summary (CVE-2026-50182) WWBN AVideo (API + YouTubeAPI + Layout plugins) is affected. Versions prior to 29.0 contain an unauthenticated Reflected XSS via the $_GET['search'] parameter used in the YouTubeAPI gallery pagination. The payload is injected into the hrefs of the previous/next page links...

6.1CVSS6.3AI score0.00094EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added yesterday29 views

Security Bulletin: IBM QRadar SIEM is vulnerable to information diclosures and cross-site scripting

Summary Several potential Cross-Site Scripting and Information Disclosure issues addressed in IBM QRadar SIEM 7.5.0 UP15 Vulnerability Details CVEID:CVE-2025-13995 DESCRIPTION: IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostna...

6.2CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
CVE
CVE
added yesterday7 views

CVE-2026-49867

DataEase (open source data visualization tool) contains an authenticated stored XSS in template static resources prior to version 2.10.23. The flaw occurs when authenticated users submit TemplateManageRequest.staticResource via POST /de2api/templateManage/save or via DataVisualizationServer.decom...

6.3CVSS6.1AI score0.00032EPSS
Exploits0References3
CVE
CVE
added yesterday7 views

CVE-2026-54443

The CVE affects Dashy’s RSS Widget (src/components/Widgets/RssFeed.vue). From versions 1.9.4 through 3.2.0, RSS item link values are not sanitized before rendering titles and Read More links as anchor href attributes, allowing an attacker-controlled feed to provide a javascript: URI that executes...

5.9CVSS6.1AI score
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-20296

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...

8.3CVSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-62948

OpenWrt odhcpd/LuCI vulnerability CVE-2026-62948: Before 25.12.5, the DHCPv6 client FQDN option 39 hostname is written into /tmp/odhcpd.leases without escaping, allowing newline injection of forged lease lines. LuCI displays these lines in the Active DHCPv6 Leases page via rpcd-mod-luci getDHCPLe...

9.6CVSS6.1AI score
Exploits0References5
CVE
CVE
added yesterday10 views

CVE-2026-20296

The provided records identify CVE-2026-20296 as a CSRF-based bypass in Splunk Deployment Server within Splunk Enterprise and Splunk Cloud Platform. Affected versions are Splunk Enterprise below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform below 10.5.2605.0, 10.4.2604.7, 10.3.2512...

8.3CVSS6.2AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-20296

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...

8.3CVSS6.2AI score
Exploits0References2Affected Software2
NVD
NVD
added yesterday4 views

CVE-2026-62378

RustFS Console is a web management console for the RustFS distributed file system. From 0.1.7 until 0.1.10, the RustFS Console components/object/preview-modal.tsx and components/object/pdf-viewer.tsx extension-based PDF preview path can render HTML content uploaded as .pdf, allowing stored...

9CVSS
Exploits0References3
NVD
NVD
added yesterday4 views

CVE-2026-1562

Pega Platform versions 8.1.0 through 25.1.2 are affected by an Stored Cross-site scripting XSS vulnerability in a user interface component. Requires a high privileged user with a developer role...

4.6CVSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-62378

RustFS Console is affected in versions 0.1.7–0.1.10. The vulnerability lies in the components/object/preview-modal.tsx and components/object/pdf-viewer.tsx extension-based PDF preview path, which can render HTML content uploaded as .pdf, enabling a stored XSS in the management console. This can l...

9CVSS6AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-1563

Pega Platform versions 8.1.0 through 25.1.2 are affected by an Reflected Cross-site scripting XSS vulnerability in a user interface component. Requires a high privileged user with a developer role...

4.8CVSS6.1AI score
Exploits0References2Affected Software1
EUVD
EUVD
added yesterday3 views

EUVD-2026-44727

Pega Platform versions 8.1.0 through 25.1.2 are affected by an Reflected Cross-site scripting XSS vulnerability in a user interface component. Requires a high privileged user with a developer role...

4.8CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added yesterday13 views

CVE-2026-1563 Pega Platform versions 8.1.0 through 25.1.2 are affected by an Reflected Cross-site scripting (XSS) vulnerability in a user interface component. Requires a high privileged user with a developer role.

Pega Platform versions 8.1.0 through 25.1.2 are affected by an Reflected Cross-site scripting XSS vulnerability in a user interface component. Requires a high privileged user with a developer role...

4.8CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-1562

Pega Platform versions 8.1.0 through 25.1.2 are affected by an Stored Cross-site scripting XSS vulnerability in a user interface component. Requires a high privileged user with a developer role...

4.6CVSS6.1AI score
Exploits0References2Affected Software1
EUVD
EUVD
added yesterday3 views

EUVD-2026-44726

Pega Platform versions 8.1.0 through 25.1.2 are affected by an Stored Cross-site scripting XSS vulnerability in a user interface component. Requires a high privileged user with a developer role...

4.6CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-44706

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in HCL Notes from HCL Software allows reflected Cross-Site Scripting XSS. Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of another user. This issue affects...

5.5CVSS6.3AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-9007

CVE-2026-9007 is a reflected cross-site scripting (XSS) vulnerability in HCL Notes from HCL Software. The issue stems from improper neutralization of input during web page generation, allowing an attacker to execute arbitrary JavaScript in the context of another user. Affected product/version: HC...

5.5CVSS6.3AI score
Exploits0References1
Rows per page
Query Builder