Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

5651 matches found

Positive Technologies
Positive Technologiesadded 2026/05/07 12:0 a.m.9 views

PT-2026-38358

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WProyal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a before 1.7.1053...

6.5CVSS5.8AI score0.00127EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/05/07 12:0 a.m.11 views

PT-2026-38436

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/06 8:34 a.m.5 views

CVE-2026-42509 Apache Wicket: crafted strings can break out of the JavaScript sequence

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

5.8AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/29 1:43 a.m.3 views

CVE-2026-28040

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magepeople inc. Taxi Booking Manager for WooCommerce allows Stored XSS.This issue affects Taxi Booking Manager for WooCommerce: from n/a through 2.0.0...

6.5CVSS5.2AI score0.00127EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/29 1:39 a.m.1 views

CVE-2025-62110

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS.This issue affects Rescue Shortcodes: from n/a through 3.3...

6.5CVSS5.2AI score0.00127EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/23 7:55 p.m.4 views

CVE-2025-58920

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zootemplate Cerato cerato allows Reflected XSS.This issue affects Cerato: from n/a through = 2.2.18...

7.1CVSS5.8AI score0.00196EPSS
Exploits0References1
CNVD
CNVDadded 2026/04/21 12:0 a.m.6 views

WordPress Plugin YouTube Showcase Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin YouTube Showcase, which ste...

6.5CVSS5.5AI score0.00156EPSS
Exploits0
ATTACKERKB
ATTACKERKBadded 2026/04/15 10:21 a.m.3 views

CVE-2026-40734

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zahlan Categories Images categories-images allows DOM-Based XSS.This issue affects Categories Images: from n/a through = 3.3.1...

5.8AI score0.00139EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/04/15 12:0 a.m.8 views

WordPress plugin YouTube Showcase 安全漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin YouTube Showcase, which ste...

6.5CVSS5.5AI score0.00156EPSS
Exploits0References1
NVD
NVDadded 2026/04/14 6:17 p.m.1 views

CVE-2026-32196

Improper neutralization of input during web page generation 'cross-site scripting' in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network...

6.1CVSS0.00293EPSS
Exploits0References1
NVD
NVDadded 2026/04/14 4:16 p.m.2 views

CVE-2026-39812

A improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8,...

4.8CVSS0.00193EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/04/14 3:38 p.m.33 views

CVE-2025-61886

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability CWE-79 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests...

5.4CVSS0.00275EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/04/14 12:0 a.m.5 views

PT-2026-32720

Name of the Vulnerable Software and Affected Versions Microsoft Office SharePoint affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting, which allows an authorized attacker to perform spoofing over a network...

5.5CVSS6AI score0.25082EPSS
Exploits0References6
EUVD
EUVDadded 2026/04/13 6:30 p.m.2 views

EUVD-2026-21994

Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800...

2.1CVSS5.8AI score0.00179EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/04/13 3:48 p.m.3 views

CVE-2026-30812 Stored Cross-Site Scripting in Event Comments via Filter Bypass

Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800...

2.1CVSS5.8AI score0.00179EPSS
Exploits0References1
EUVD
EUVDadded 2026/04/08 9:31 a.m.1 views

EUVD-2026-20389

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS.This issue affects FSM Custom Featured Image Caption: from n/a through = 1.25.1...

5.9AI score0.0014EPSS
Exploits0References2
NVD
NVDadded 2026/04/08 9:16 a.m.3 views

CVE-2026-39693

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS.This issue affects FSM Custom Featured Image Caption: from n/a through = 1.25.1...

5.9CVSS0.0014EPSS
Exploits0References1
NVD
NVDadded 2026/04/08 9:16 a.m.6 views

CVE-2026-39674

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Manoj Kumar MK Google Directions google-distance-calculator allows DOM-Based XSS.This issue affects MK Google Directions: from n/a through = 3.1.1...

6.5CVSS0.00161EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/08 8:30 a.m.4 views

CVE-2026-39683

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects Garden Gnome Package: from n/a through = 2.4.1...

5.9AI score0.00172EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/04/08 8:30 a.m.3 views

CVE-2026-39674

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Manoj Kumar MK Google Directions google-distance-calculator allows DOM-Based XSS.This issue affects MK Google Directions: from n/a through = 3.1.1...

5.9AI score0.00161EPSS
Exploits0References2
Rows per page
Query Builder