Lucene search
K

2002 matches found

NVD
NVD
added 4 hours ago2 views

CVE-2026-57732

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows DOM-Based XSS.This issue affects tagDiv Opt-In Builder: from n/a through = 1.7.4...

7.1CVSS
Exploits0References1
CVE
CVE
added 6 hours ago3 views

CVE-2026-57382

CVE-2026-57382 is a reflected XSS vulnerability in the WordPress plugin Simple File List (version range: affected up to 6.3.8). The issue arises in the plugin’s web page generation and input handling, enabling a reflected cross-site scripting payload. CVSSv3.1 metrics indicate Network attack vect...

7.1CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-43077

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Siteimprove Analytics allows Cross-Site Scripting XSS. This issue affects Siteimprove Analytics versions: from 0.0.0 to 2.0.1...

6.1AI score0.00186EPSS
Exploits0References2
NVD
NVD
added 3 days ago4 views

CVE-2026-3251

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Webremium Istanbul Web Design Mezunum Satiyorum allows Stored XSS. This issue affects Mezunum Satiyorum: from 1.2.504 through 10072026. NOTE: The vendor was contacted early about this disclosure bu...

6.4CVSS0.00148EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-42649

An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 causes the device to abruptly terminate the TCP connection with a RST packet when a request containing an oversized field value is received, without returning any RFC 2326-compliant error response...

7.5CVSS6AI score0.00324EPSS
Exploits0References2
CVE
CVE
added 4 days ago11 views

CVE-2026-5793

BiEticaret (Inrove Software and Internet Services) contains a reflected XSS due to improper input neutralization during web page generation. Affected: BiEticaret prior to v3.3.57. CVSSv3.1 metrics indicate Network attack vector, Low attack complexity, Privileges None, User Interaction Required, C...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42491

Improper neutralization of input during web page generation 'cross-site scripting' in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network...

9.3CVSS6AI score0.00274EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-51606

An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 causes the device to abruptly terminate the TCP connection with a RST packet when a request containing an oversized field value is received, without returning any RFC 2326-compliant error response...

0.00324EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-11903

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Progress MOVEit Transfer Ad Hoc module. This issue affects MOVEit Transfer: from 2026.0.0 before 2026.0.1, from 2025.1.0 before 2025.1.4, from 2025.0.0 before 2025.0.8...

8CVSS0.00232EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-11903 Stored XSS in MOVEit Transfer Ad Hoc module

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Progress MOVEit Transfer Ad Hoc module. This issue affects MOVEit Transfer: from 2026.0.0 before 2026.0.1, from 2025.1.0 before 2025.1.4, from 2025.0.0 before 2025.0.8...

8CVSS0.00232EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42224

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Webbeyaz Web Design Mediküm Web allows Reflected XSS. This issue affects Mediküm Web: through 08072026. NOTE: The vendor was contacted and it was learned that the product is not supported...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-8310 Reflected XSS in Webbeyaz's Mediküm Web

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Webbeyaz Web Design Mediküm Web allows Reflected XSS. This issue affects Mediküm Web: through 08072026. NOTE: The vendor was contacted and it was learned that the product is not supported...

6.1CVSS0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-6371 Stored XSS in Limatek's LimRAD NAC

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Limatek System Inc. LimRAD NAC allows Stored XSS. This issue affects LimRAD NAC: through 08072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

4.8CVSS0.00148EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56412

Name of the Vulnerable Software and Affected Versions Mediküm Web versions through 08072026 Description Improper neutralization of input during web page generation allows for Stored Cross-Site Scripting XSS, a condition where malicious scripts are permanently stored on the target server and serve...

5.4CVSS6.1AI score0.00133EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56456

Name of the Vulnerable Software and Affected Versions MOVEit Transfer versions 2026.0.0 through 2026.0.0 MOVEit Transfer versions 2025.1.0 through 2025.1.3 MOVEit Transfer versions 2025.0.0 through 2025.0.7 Description Stored cross-site scripting XSS occurs in the Ad Hoc module due to improper...

8CVSS5.8AI score0.00232EPSS
Exploits0References4
NVD
NVD
added 6 days ago11 views

CVE-2026-8309

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Reflected XSS. This issue affects Access Control System GKS: before Version 2...

5.4CVSS0.00133EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56203

Name of the Vulnerable Software and Affected Versions Jastow affected versions not specified Description Jastow is susceptible to Cross-Site Scripting XSS, a flaw where malicious scripts are injected into trusted websites. This occurs due to improper input handling of unsanitized URIs when a...

6.5CVSS6.1AI score0.00246EPSS
Exploits0References11
NVD
NVD
added last week9 views

CVE-2025-53831

DrawIO for ownCloud is an application for using DrawIO with the file storage, synchronization, and sharing application ownCloud Classic. In DrawIO for ownCloud prior to version 1.0.2, which corresponds to ownCloud 10 prior to version 10.15.3, attackers with access to the DrawIO app can leverage...

8.2CVSS0.00164EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:35 p.m.7 views

CVE-2026-58524

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

5.4CVSS6AI score0.0024EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/03 8:54 a.m.8 views

EUVD-2026-41526

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows SQL Injection. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the produ...

9.8CVSS6AI score0.00266EPSS
Exploits0References1
Rows per page
Query Builder