
7 matches found

ATTACKERKB
• added 2026/05/27 5:31 a.m. • 7 views

CVE-2026-8707

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6 AI score, 0.00101 EPSS
Exploits: 0, References: 6
EUVD
• added 2026/04/06 5:53 p.m. • 4 views

EUVD-2026-19374

CI4MS: Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS...

7.2 CVSS, 5.9 AI score, 0.00024 EPSS
Exploits: 1, References: 2
EUVD
• added 2026/03/16 3:30 p.m. • 4 views

EUVD-2016-10827

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like...

6.1 CVSS, 5.9 AI score, 0.00051 EPSS
Exploits: 2, References: 4
RedhatCVE
• added 2025/12/16 2:49 p.m. • 3 views

CVE-2025-13608

The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'childpages' shortcode in all versions up to, and including, 2.0.0. This is due to insufficient input sanitization and output escaping on four user-supplied attributes usecustomlink, usecustomlinktarget,...

6.4 CVSS, 4.9 AI score, 0.00032 EPSS
Exploits: 0, References: 1
Packet Storm
• added 2025/06/03 12:0 a.m. • 89 views

ERPNext 15.53.1 Cross Site Scripting

ERPNext version 15.53.1 suffers from multiple persistent cross site scripting vulnerabilities. An authenticated user can inject malicious JavaScript into the userimage field of the profile page using an XSS payload within the file path or HTML context. This field is rendered without sufficient...

6.8 AI score
Exploits: 0
Positive Technologies
• added 2025/02/26 12:0 a.m. • 3 views

PT-2025-8671

Name of the Vulnerable Software and Affected Versions: WP BASE Booking of Appointments, Services and Events WordPress plugin versions prior to 5.0.0. Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped...

6.1 CVSS, 7.7 AI score, 0.01485 EPSS
Exploits: 1, References: 5
Positive Technologies
• added 2023/04/04 12:0 a.m. • 2 views

PT-2023-17273 · WordPress · Spotify Play Button

Name of the Vulnerable Software and Affected Versions: The Spotify Play Button for WordPress plugin versions up to, and including, 2.07. Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows...

4.8 CVSS, 5.7 AI score, 0.00242 EPSS
Exploits: 0, References: 5