
8 matches found

CVE
added 2026/03/16 11:53 a.m., 6 views

CVE-2025-69241

Raytha CMS is affected by CVE-2025-69241, a Stored XSS in the profile editing flow via FirstName/LastName. An authenticated attacker can inject HTML/JS that executes when the edited page is viewed. The issue has been fixed in version 1.4.6. The CVSSv4 metrics indicate a Medium impact (base score ...

CVSS 5.4, AI score 5.8, EPSS 0.00039
Exploits: 0, References: 2, Affected Software: 1
RedhatCVE
added 2026/02/06 7:7 a.m., 4 views

CVE-2026-1953

Nukegraphic CMS v3.1.2 contains a stored cross-site scripting XSS vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field before storing it in the database and rendering it across multiple CMS...

CVSS 8.2, AI score 5.6, EPSS 0.00023
Exploits: 0, References: 1
NVD
added 2026/02/05 7:16 a.m., 3 views

CVE-2026-1953

Nukegraphic CMS v3.1.2 contains a stored cross-site scripting XSS vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field before storing it in the database and rendering it across multiple CMS...

CVSS 8.2, EPSS 0.00023
Exploits: 0, References: 1
CVE
added 2026/02/05 6:33 a.m., 11 views

CVE-2026-1953

Nukegraphic CMS v3.1.2 is affected by a stored XSS in the user profile edit endpoint (/ngc-cms/user-edit-profile.php). The vulnerability arises because the name field is not properly sanitized before storing to the database and rendering on multiple pages. An authenticated attacker with low privi...

CVSS 8.2, AI score 5.6, EPSS 0.00023
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 5:31 a.m., 2 views

CVE-2023-29527

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions a user without script or programming right may edit a user profile or any other document with the wiki editor and add groovy script content. Viewing the document after...

CVSS 9.9, AI score 7.5, EPSS 0.09755
Exploits: 1, References: 1
NVD
added 2025/05/10 10:15 p.m., 18 views

CVE-2025-47817

In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter...

CVSS 8.8, EPSS 0.00302
Exploits: 0, References: 3
OSV
added 2024/05/23 12:15 p.m., 4 views

PYSEC-2024-296

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web...

CVSS 8.1, AI score 5.8, EPSS 0.00158
Exploits: 0, References: 1
OSV
added 2023/11/30 2:15 p.m., 0 views

CVE-2023-6410

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via editprofile.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retriev...

CVSS 7.5, AI score 5.8
Exploits: 0, References: 1