Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

5912 matches found

EUVD
EUVDadded 6 days ago10 views

EUVD-2026-33874

Cross-Site Scripting XSS in GeniexWebView component in Transsion AI Assistant Lifestyle application com.transsion.aiassistantlifestyle all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted webactiondata URL parameter...

6.1CVSS6.1AI score0.00035EPSS
Exploits0References1
NVD
NVDadded last week11 views

CVE-2026-24754

Kiteworks is a private data network PDN. Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

5.4CVSS0.0003EPSS
Exploits0References1
CVE
CVEadded last week11 views

CVE-2026-24754

CVE-2026-24754 affects Kiteworks, where a stored XSS vulnerability exists in Secure Data Forms prior to version 9.3.0. An authenticated attacker could execute arbitrary JavaScript in other users’ sessions. The issue is mitigated by upgrading to Kiteworks version 9.3.0 or later, which provides a p...

5.4CVSS6.1AI score0.0003EPSS
Exploits0References1Affected Software1
NVD
NVDadded 2026/06/01 1:16 p.m.12 views

CVE-2026-9308

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was...

5.4CVSS0.00041EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/06/01 11:24 a.m.6 views

CVE-2026-9309

Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...

5.4CVSS6AI score0.00041EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/06/01 11:24 a.m.7 views

CVE-2026-9309 Arbitrary JavaScript execution in internal pages via Reader View JSON-LD injection

Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...

6AI score0.00041EPSS
Exploits0References2
CVE
CVEadded 2026/06/01 11:24 a.m.11 views

CVE-2026-9309

CVE-2026-9309 affects Firefox for iOS Reader View. The issue is improper escaping of HTML tags in JSON-LD metadata, enabling a malicious page to inject markup that leaks sensitive URL parameters and could lead to arbitrary JavaScript execution in an internal origin. Impact is described as access ...

5.4CVSS6AI score0.00041EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/06/01 11:24 a.m.26 views

CVE-2026-9309 Arbitrary JavaScript execution in internal pages via Reader View JSON-LD injection

Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...

0.00041EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/06/01 11:24 a.m.7 views

CVE-2026-9308

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was...

5.4CVSS5.9AI score0.00041EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/06/01 11:24 a.m.8 views

CVE-2026-9308 Arbitrary JavaScript execution in Reader View due to wrong HTML replacement order

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was...

5.9AI score0.00041EPSS
Exploits0References2
EUVD
EUVDadded 2026/06/01 11:24 a.m.5 views

EUVD-2026-33629

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was...

5.4CVSS5.9AI score0.00041EPSS
Exploits0References2
CVE
CVEadded 2026/06/01 11:24 a.m.14 views

CVE-2026-9308

CVE-2026-9308 affects Firefox for iOS Reader View. The issue occurs when HTML templates are processed before internal placeholders are replaced, allowing a malicious page to substitute a placeholder with JSON-LD data and potentially execute arbitrary JavaScript. The fix is in Firefox for iOS 151....

5.4CVSS5.9AI score0.00041EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/06/01 11:24 a.m.26 views

CVE-2026-9308 Arbitrary JavaScript execution in Reader View due to wrong HTML replacement order

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was...

0.00041EPSS
Exploits0References2
AlpineLinux
AlpineLinuxadded 2026/06/01 11:24 a.m.6 views

CVE-2026-9308

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was...

5.4CVSS5.9AI score0.00041EPSS
Exploits0References2
RedHat Linux
RedHat Linuxadded 2026/06/01 3:18 a.m.10 views

PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation

A flaw was found in PHP, specifically within the PHP-FPM status page. Due to improper sanitation of user data, a remote attacker can craft a malicious URL. When a user views the PHP-FPM status page with this crafted URL, it can lead to the execution of arbitrary JavaScript code Cross-Site Scripti...

8.8CVSS6.1AI score0.00076EPSS
Exploits1References5
Mozilla
Mozillaadded 2026/06/01 12:0 a.m.15 views

Security Vulnerabilities fixed in Firefox for iOS 151.2 — Mozilla

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. Firefox for iOS Reader Vi...

5.4CVSS6AI score0.00041EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologiesadded 2026/06/01 12:0 a.m.11 views

PT-2026-45411

Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...

5.4CVSS6AI score0.00041EPSS
Exploits0References3
NVD
NVDadded 2026/05/29 6:17 p.m.10 views

CVE-2026-45627

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, the unauthenticated GET /api/app-images/logo endpoint reflects a user-supplied color query parameter into the body of an SVG document via strings.ReplaceAll with no escaping. The substitution...

8.2CVSS0.00035EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/29 1:14 p.m.9 views

CVE-2026-45580

WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a stored cross-site scripting vulnerability. The Live plugin's "YouTube-style" view renders the live transmission's stream key into an HTML class attribute by raw echo, without htmlspecialchars. A canStream user can persi...

5.4CVSS5.6AI score0.00035EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/05/29 8:34 a.m.11 views

EUVD-2026-33267

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

4.8CVSS5.8AI score0.00036EPSS
Exploits0References2
Rows per page
Query Builder