Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

Positive Technologies
Positive Technologiesadded 2026/05/10 12:0 a.m.5 views

PT-2026-39505

Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payloads in the title field. Attackers can store JavaScript code like image tags with onerror handlers that execute when the gallery...

6.4CVSS5.8AI score0.00034EPSS
Exploits0References5
GithubExploit
GithubExploitadded 2026/02/07 6:52 p.m.177 views

Payload-XSS

Payload-XSS Daftar Isi 1. Payload Dasar 1-20payload-...

5.5AI score
Exploits0
Vulnrichment
Vulnrichmentadded 2026/01/21 8:54 p.m.4 views

CVE-2026-22792 5ire vulnerable to Remote Code Execution (RCE)

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

9.6CVSS6AI score0.00623EPSS
Exploits1References2
EUVD
EUVDadded 2026/01/21 8:54 p.m.3 views

EUVD-2026-3778

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

9.6CVSS6AI score0.00623EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded 2026/01/09 10:49 a.m.3 views

CVE-2022-37307

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature...

6.1CVSS6.2AI score0.01122EPSS
Exploits2References1
RedhatCVE
RedhatCVEadded 2025/12/16 8:44 p.m.1 views

CVE-2023-53887

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...

5.4CVSS6.5AI score0.00024EPSS
Exploits1References1
OSV
OSVadded 2025/07/25 8:15 p.m.1 views

CVE-2025-46198

Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img element...

8.8CVSS7.4AI score
Exploits0References2
SUSE CVE
SUSE CVEadded 2023/02/15 4:26 a.m.2 views

SUSE CVE-2018-13065

ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured...

6.1CVSS6.2AI score0.00284EPSS
Exploits3References3
Positive Technologies
Positive Technologiesadded 2021/05/25 12:0 a.m.2 views

PT-2021-20208 · Postbird +1 · Postbird +1

Name of the Vulnerable Software and Affected Versions: Postbird version 0.8.4 Description: The issue allows for stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/...

5.4CVSS5AI score0.00689EPSS
Exploits4References11
Rows per page
Query Builder