Lucene search
K

696 matches found

GithubExploit
GithubExploit
added 2026/01/28 7:5 a.m.160 views

Exploit for Argument Injection in Gnu Inetutils

Tell Me Root Batch Scanning Tool for the CVE-2026-24061 Telne...

9.8CVSS7.3AI score0.98871EPSS
Exploits62
Vulnrichment
Vulnrichment
added 2026/01/26 12:0 a.m.3 views

CVE-2025-70368

Worklenz version 2.1.5 contains a Stored Cross-Site Scripting XSS vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a...

5.9AI score0.00224EPSS
Exploits2References2
CNVD
CNVD
added 2026/01/19 12:0 a.m.4 views

Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05118)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data by a form component, which can be exploited by an attacker to execute arbitrary web...

9.4CVSS6AI score0.00145EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/17 7:15 p.m.18 views

CVE-2021-47844

Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can craft malicious files with embedded JavaScript that execute system commands when opened, enabling remote code execution through mous...

6.1CVSS7.7AI score0.00347EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/16 7:9 p.m.21 views

CVE-2021-47841 SnipCommand 0.1.0 - Persistent Cross-Site Scripting

SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs...

6.1CVSS0.00378EPSS
Exploits0References4
NVD
NVD
added 2026/01/16 12:16 a.m.7 views

CVE-2021-47805

Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious executables that will be run with elevated...

8.5CVSS0.00217EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.5 views

WordPress plugin WP-Members Membership Plugin 跨站脚本漏洞

WordPress WP-Members Membership plugin is an open source membership plugin for WordPress that is mainly used to create membership sites with restricted content. WordPress WP-Members Membership plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...

5.4CVSS5.9AI score0.00187EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.9 views

PT-2026-2417

Name of the Vulnerable Software and Affected Versions Zippy CRM version 6.5.4 Description The software contains a reflected cross-site scripting issue that enables attackers to inject malicious scripts via unvalidated input parameters. Attackers can submit crafted payloads in manual insertion...

6.1CVSS6.3AI score0.00238EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/01/09 10:42 a.m.10 views

CVE-2022-26174

A remote code execution RCE vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload injected into the display fields...

9.8CVSS8.4AI score0.02269EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:41 a.m.7 views

CVE-2022-26156

An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places...

6.1CVSS7.1AI score0.00713EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:53 a.m.6 views

CVE-2020-10440

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/report-article-mailed.php by adding a question mark ? followed by the payload...

4.8CVSS6.1AI score0.00611EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:51 a.m.6 views

CVE-2020-10403

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/edit-comment.php by adding a question mark ? followed by the payload...

4.8CVSS6.1AI score0.00611EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:32 a.m.5 views

CVE-2024-39248

A cross-site scripting XSS vulnerability in SimpCMS v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field at /admin.php...

5.4CVSS5.8AI score0.00743EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/08 3:15 a.m.5 views

CVE-2025-66686

A stored Cross-Site Scripting XSS vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any...

6.1CVSS5.7AI score0.00187EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/06 6:51 a.m.9 views

CVE-2025-67397

An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection...

9.1CVSS7.6AI score0.00692EPSS
Exploits0References1
OSV
OSV
added 2026/01/05 7:15 p.m.4 views

CVE-2025-67397

An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection...

9.1CVSS6.2AI score0.00692EPSS
Exploits0References2
NVD
NVD
added 2026/01/05 7:15 p.m.3 views

CVE-2025-67397

An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection...

9.1CVSS0.00692EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/05 12:0 a.m.2 views

CVE-2025-67397

An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection...

7.2AI score0.00692EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/05 12:0 a.m.4 views

EUVD-2026-0804

An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection...

9.1CVSS7.1AI score0.00692EPSS
Exploits0References4
CNVD
CNVD
added 2025/12/30 12:0 a.m.4 views

WordPress Hostel plugin cross-site scripting vulnerability

WordPress Hostel plugin refers to a plugin designed specifically for WordPress websites. WordPress Hostel plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacke...

5.9CVSS7.9AI score0.00164EPSS
Exploits0References1
Rows per page
Query Builder