Lucene search
+L

105 matches found

attackerkb
attackerkb
added 2026/03/25 11:37 p.m.8 views

CVE-2026-33932

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document preview allows an attacker who can upload or send a CCDA document to execute arbitrary JavaScript in ...

7.6CVSS5.9AI score0.00187EPSS
Exploits0References4Affected Software1
nessus
nessus
added 2026/03/25 12:0 a.m.5 views

GitLab 17.7 < 18.8.7 / 18.9 < 18.9.3 / 18.10 < 18.10.1 (CVE-2026-2973)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute...

5.4CVSS6AI score0.00173EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/03/03 10:20 p.m.7 views

CVE-2026-26272

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting XSS vulnerability exists in the item attachment upload functionality. The application does not properly validate or restrict uploaded file types, allowing an authenticated user to upload...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References3Affected Software1
redhatcve
redhatcve
added 2026/02/11 7:30 a.m.7 views

CVE-2026-24323

The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality a...

6.1CVSS5.5AI score0.00206EPSS
Exploits0References1
redhat
redhat
added 2026/02/09 11:40 p.m.17 views

Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.14.0 release.

Red Hat Web Terminal Operator 1.14.0 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...

7.5CVSS6.6AI score0.00459EPSS
Exploits2References2
redhat
redhat
added 2026/02/09 9:56 p.m.11 views

Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.13.0 release.

Red Hat Web Terminal Operator 1.13.0 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...

7.5CVSS6.6AI score0.00459EPSS
Exploits2References2
redhat
redhat
added 2026/02/09 8:49 p.m.10 views

Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.12.1 release.

Red Hat Web Terminal Operator 1.12.1 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...

7.5CVSS6.6AI score0.00459EPSS
Exploits2References2
wizblog
wizblog
added 2026/01/21 1:56 p.m.5 views

WizExtend is Here: AI and Cloud Security Insights in Your Daily Workflow

Get risk insights and take remediation actions right from your in-browser CSP portal, VCS console, or as you’re reading up on the latest threat research...

5.4AI score
Exploits0
cvelist
cvelist
added 2026/01/15 11:8 p.m.34 views

CVE-2026-1011 Stored Cross-Site Scripting in Altium Live Support Center Comment Endpoint

A stored cross-site scripting XSS vulnerability exists in the Altium Support Center AddComment endpoint due to missing server-side input sanitization. Although the client interface applies HTML escaping, the backend accepts and stores arbitrary HTML and JavaScript supplied via modified POST...

6.1CVSS0.00256EPSS
Exploits0References1
trellix
trellix
added 2026/01/12 12:0 a.m.11 views

The Unfriending Truth: How to Spot a Facebook Phishing Scam Before It's Too Late

The Unfriending Truth: How to Spot a Facebook Phishing Scam Before It's Too Late By Mark Joseph Marti · January 12, 2026 Introduction As one of the world's largest social media platforms, with over 3 billion active users, Facebook is a frequent target for phishing scams. Hackers aim to hijack use...

5.4AI score
Exploits0
redhatcve
redhatcve
added 2026/01/01 10:28 p.m.8 views

CVE-2025-67705

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS6.7AI score0.00193EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/01 10:28 p.m.12 views

CVE-2025-67709

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS6.7AI score0.00197EPSS
Exploits0References1
packetstormnews
packetstormnews
added 2025/12/10 12:0 a.m.22 views

Malicious GenAI Chrome Extensions: Unpacking Data Exfiltration and Malicious Behaviours

The rapid proliferation of AI and GenAI tools has extended to the Chrome Web Store. Cybercriminals are exploiting this trend, deploying malicious Chrome extensions posing as AI tools or impersonating popular GenAI models to target users. These extensions often appear legitimate while secretly...

6.7AI score
Exploits0
thn
thn
added 2025/11/18 6:31 p.m.8 views

Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar

The malware authors associated with a Phishing-as-a-Service PhaaS kit known as Sneaky 2FA have incorporated Browser-in-the-Browser BitB functionality into their arsenal, underscoring the continued evolution of such offerings and further making it easier for less-skilled threat actors to mount...

6.6AI score
Exploits0
euvd
euvd
added 2025/10/24 5:17 a.m.4 views

EUVD-2025-35799

Pleasanter contains a stored cross-site scripting vulnerability in Preview for Attachments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...

6.1CVSS6AI score0.00184EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/10/20 12:0 a.m.6 views

CVE-2025-61454

A Cross-Site Scripting XSS vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the search endpoint. Unsanitized input in the /search parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who...

5.7AI score0.00238EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-0206

Malware in sbrugna...

3.3CVSS6.4AI score0.00391EPSS
Exploits1References7
euvd
euvd
added 2025/10/07 12:30 a.m.1 views

EUVD-2011-0104

Malware in sbrugna...

10CVSS9.2AI score0.05259EPSS
Exploits0References22
nvd
nvd
added 2025/10/01 5:15 p.m.5 views

CVE-2025-20368

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through the error messages and job inspection...

5.7CVSS0.00335EPSS
Exploits0References1
osv
osv
added 2025/09/15 9:23 p.m.6 views

GHSA-286P-VC9P-P5QV [email protected] contains malware after npm account takeover

Impact On 8 September 2025, the npm publishing account for color-string was taken over after a phishing attack. Version 2.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's...

8.8CVSS6.7AI score0.00378EPSS
Exploits0References7
Rows per page
Query Builder