8 matches found

Vulnrichment
added 2026/01/22 2:41 a.m. · 2 views

CVE-2026-24034 Horilla has File Upload XSS

Horilla is a free and open source Human Resource Management System (HRMS). In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue...

CVSS 5.4 · AI score 5.1 · EPSS 0.00016
Exploits: 1 · References: 2
Cvelist
added 2026/01/22 2:41 a.m. · 15 views

CVE-2026-24034 Horilla has File Upload XSS

Horilla is a free and open source Human Resource Management System (HRMS). In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue...

CVSS 5.4 · EPSS 0.00016
Exploits: 1 · References: 2
Tenable Nessus
added 2025/10/10 12:0 a.m. · 4 views

Kibana 7.0.x <= 7.17.29 / 8.0.x <= 8.18.7 / 8.19.x <= 8.19.4 / 9.0.x <= 9.0.7 / 9.1.x <= 9.1.4 Multiple XSS (ESA-2025-17, ESA-2025-20)

The version of Kibana running on the remote host is prior to 7.0 prior to 7.17.29, 8.0 prior to 8.18.7, 8.19 prior to 8.19.4, 9.0 prior to 9.0.7 and 9.1 prior to 9.1.4. It is, therefore, affected by a cross-site scripting vulnerability as referenced in the ESA-2025-17, ESA-2025-20 advisory. -...

CVSS 8.7 · AI score 7.5 · EPSS 0.00028
Exploits: 0 · References: 4
RedhatCVE
added 2025/05/22 10:31 a.m. · 8 views

CVE-2019-14748

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer or no mitigations implemented for file content checks; also, the output is not handled...

CVSS 5.4 · AI score 6 · EPSS 0.00383
Exploits: 5 · References: 1
NVD
added 2025/05/15 8:15 p.m. · 3 views

CVE-2023-6541

The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

CVSS 6.1 · EPSS 0.00388
Exploits: 2 · References: 1
Vulnrichment
added 2024/12/20 12:0 a.m. · 7 views

CVE-2024-55342

A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to a XSS...

AI score 6 · EPSS 0.00112
Exploits: 1 · References: 2
Positive Technologies
added 2023/11/13 12:0 a.m. · 3 views

PT-2023-29743 · Gibbon · Gibbon

Name of the Vulnerable Software and Affected Versions: GibbonEdu Gibbon versions through 25.0.0 Description: The issue allows file upload with resultant XSS through the /modules/Planner/resources addQuick ajaxProcess.php file. The imageAsLinks parameter must be set to 'Y' to return HTML code. The...

CVSS 6.1 · AI score 5.9 · EPSS 0.00259
Exploits: 1 · References: 5
0day.today
added 2021/10/01 12:0 a.m. · 265 views

Phpwcms 1.9.30 - File Upload to XSS Vulnerability

Exploit Title: Phpwcms 1.9.30 - File Upload to XSS Exploit Author: Okan Kurtulus | okankurtulus.com.tr Software Link: http://www.phpwcms.org/ Version: 1.9.30 Tested on: Ubuntu 16.04 Steps: 1- You need to login to the system. http://target.com/phpwcms/login.php 2- Creating payload with SVG...

AI score 7.4
Exploits: 0