Lucene search
K

10776 matches found

NVD
NVD
added 4 hours ago2 views

CVE-2026-57732

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows DOM-Based XSS.This issue affects tagDiv Opt-In Builder: from n/a through = 1.7.4...

7.1CVSS
Exploits0References1
CVE
CVE
added 6 hours ago3 views

CVE-2026-57382

CVE-2026-57382 is a reflected XSS vulnerability in the WordPress plugin Simple File List (version range: affected up to 6.3.8). The issue arises in the plugin’s web page generation and input handling, enabling a reflected cross-site scripting payload. CVSSv3.1 metrics indicate Network attack vect...

7.1CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 10 hours ago57 views

Citrix ADC/Gateway - Cross-Site Scripting

Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 contain a cross-site scripting vulnerability due to improper input validation. id: CVE-2020-8191 info: name: Citrix...

6.1CVSS6.6AI score0.22941EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43070

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...

6.1AI score0.00204EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43073

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox allows Cross-Site Scripting XSS. This issue affects Colorbox versions: from 0.0.0 to 2.1.5, from 0.0.0 to 2.2.0...

6.1AI score0.00204EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-43077

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Siteimprove Analytics allows Cross-Site Scripting XSS. This issue affects Siteimprove Analytics versions: from 0.0.0 to 2.0.1...

6.1AI score0.00186EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43085

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0....

6.1AI score0.0015EPSS
Exploits0References2
CVE
CVE
added 3 days ago447 views

CVE-2026-55808

Drupal core is affected by CVE-2026-55808, a Cross-Site Scripting (XSS) vulnerability caused by improper validation in content uploads. The JSON:API and REST modules allow image files to be uploaded to image fields; validation checks only file extensions and not MIME types, which could let a non-...

6.1AI score0.0015EPSS
Exploits0References1
NVD
NVD
added 3 days ago4 views

CVE-2026-3251

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Webremium Istanbul Web Design Mezunum Satiyorum allows Stored XSS. This issue affects Mezunum Satiyorum: from 1.2.504 through 10072026. NOTE: The vendor was contacted early about this disclosure bu...

6.4CVSS0.00148EPSS
Exploits0References1
Veracode
Veracode
added 3 days ago5 views

Improper Input Validation

github.com/coder/coder is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of the scheme and host in external workspace application URLs before substituting the $SESSIONTOKEN placeholder, which allows an attacker controlling a malicious workspace templa...

7.7CVSS6.1AI score0.00336EPSS
Exploits0References9Affected Software2
NVD
NVD
added 3 days ago7 views

CVE-2026-21053

Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox...

5.1CVSS0.00111EPSS
Exploits0References1
NVD
NVD
added 3 days ago8 views

CVE-2026-15288

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'createpaymentintent' and...

7.5CVSS0.00333EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 days ago7 views

CVE-2026-21053

Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox...

5.1CVSS6AI score0.00111EPSS
Exploits0References2
CVE
CVE
added 3 days ago7 views

CVE-2026-21053

CVE-2026-21053 describes an inability to properly validate input in Samsung Email before 6.2.13.1, allowing local attackers to create arbitrary files inside the app sandbox. Affected product/version: Samsung Email prior to 6.2.13.1. Root cause: improper input validation in the application. Impact...

5.1CVSS6AI score0.00111EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-21053

Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox...

5.1CVSS0.00111EPSS
Exploits0References1
CVE
CVE
added 3 days ago8 views

CVE-2026-15288

CVE-2026-15288 affects the SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress. All versions up to and including 2.2.1 are vulnerable to Improper Input Validation: the plugin accepts the payment amount directly from user-controlled POST data in the create_payment_intent and ...

7.5CVSS6.1AI score0.00333EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42706

An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS. When a specific packet is received from device in the same broadcast...

7.1CVSS6AI score0.00269EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-42649

An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 causes the device to abruptly terminate the TCP connection with a RST packet when a request containing an oversized field value is received, without returning any RFC 2326-compliant error response...

7.5CVSS6AI score0.00324EPSS
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-12879

An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to exfiltrate cross-tenant data. This vulnerability was patched on 12 June 2026 on the Apigee Servers, and no customer action is...

5.9CVSS0.00188EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42584

An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to exfiltrate cross-tenant data. This vulnerability was patched on 12 June 2026 on the Apigee Servers, and no customer action is...

5.9CVSS6AI score0.00188EPSS
Exploits0References1
Rows per page
Query Builder