
87 matches found

EUVD
added 2026/04/20 6:31 p.m. | 0 views

EUVD-2026-23929

GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFTReport::Create without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a...

CVSS 5.4 | AI score 5.7 | EPSS 0.00034
Exploits 0 | References 3

Cvelist
added 2026/04/20 5:27 p.m. | 22 views

CVE-2026-23757 GFI HelpDesk < 4.99.10 Stored XSS via Reports Module

GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFTReport::Create without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a...

CVSS 5.4 | EPSS 0.00034
Exploits 0 | References 2

CVE
added 2026/04/20 5:27 p.m. | 3 views

CVE-2026-23757

GFI HelpDesk

CVSS 5.4 | AI score 5.7 | EPSS 0.00034
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2026/04/20 5:27 p.m. | 0 views

CVE-2026-23757 GFI HelpDesk < 4.99.10 Stored XSS via Reports Module

GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFTReport::Create without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a...

CVSS 5.4 | AI score 5.7 | EPSS 0.00034
Exploits 0 | References 2

Positive Technologies
added 2026/04/20 12:00 a.m. | 1 view

PT-2026-33822

GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFTReport::Create without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a...

CVSS 5.4 | AI score 5.7 | EPSS 0.00034
Exploits 0 | References 5

EUVD
added 2026/03/19 10:37 p.m. | 2 views

EUVD-2026-13351

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, when creating or editing a report (AORReports module), the field_function parameter from POST data is saved directly into the aorfields table without any...

CVSS 8.1 | AI score 6 | EPSS 0.00014
Exploits 0 | References 2

Vulnrichment
added 2026/03/19 10:37 p.m. | 0 views

CVE-2026-29096 SuiteCRM vulnerable to Authenticated SQL Injection via unsanitized field_function in Report Fields

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, when creating or editing a report (AORReports module), the field_function parameter from POST data is saved directly into the aorfields table without any...

CVSS 8.1 | AI score 6 | EPSS 0.00014
Exploits 0 | References 2

Positive Technologies
added 2026/03/19 12:00 a.m. | 1 view

PT-2026-26430

Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.15.1; SuiteCRM versions prior to 8.9.3. Description: SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the field function parameter received...

CVSS 8.1 | AI score 6.2 | EPSS 0.00014
Exploits 0 | References 7

Positive Technologies
added 2026/03/16 12:00 a.m. | 2 views

PT-2026-25704

A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/mod reports/index.php. Executing a manipulation of the argument Home can lead to sql injection. The attack may be performed from remote. The exploit has been...

CVSS 7.5 | AI score 6.9 | EPSS 0.00045
Exploits 0 | References 5

RedhatCVE
added 2026/01/09 8:52 a.m. | 2 views

CVE-2021-2276

Vulnerability in the Oracle iSetup product of Oracle E-Business Suite component: General Ledger Update Transform, Reports. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

CVSS 8.1 | AI score 6.6 | EPSS 0.01221
Exploits 0 | References 1

RedhatCVE
added 2025/10/31 3:11 p.m. | 3 views

CVE-2025-5347

Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Site Scripting in the reports module...

CVSS 6.3 | AI score 6.2 | EPSS 0.0008
Exploits 0 | References 1

NVD
added 2025/10/30 3:15 p.m. | 2 views

CVE-2025-5347

Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Site Scripting in the reports module...

CVSS 6.3 | EPSS 0.0008
Exploits 0 | References 1

OSV
added 2025/10/30 3:15 p.m. | 2 views

CVE-2025-5347

Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Site Scripting in the reports module...

CVSS 5.4 | AI score 5.8 | EPSS 0.0008
Exploits 0 | References 1

CVE
added 2025/10/30 2:31 p.m. | 11 views

CVE-2025-5347

CVE-2025-5347 affects Zohocorp ManageEngine Exchange Reporter Plus before version 5723. The vulnerability is a Stored Cross-Site Scripting flaw in the reports module, allowing injected scripts to be stored on the server and executed when users view affected reports. According to the connected adv...

CVSS 6.3 | AI score 5.8 | EPSS 0.0008
Exploits 0 | References 1 | Affected Software 1

EUVD
added 2025/10/30 2:31 p.m. | 2 views

EUVD-2025-37002

Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Site Scripting in the reports module...

CVSS 6.3 | AI score 5.7 | EPSS 0.0008
Exploits 0 | References 2

Vulnrichment
added 2025/10/30 2:31 p.m. | 2 views

CVE-2025-5347 Stored XSS

Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Site Scripting in the reports module...

CVSS 6.3 | AI score 5.8 | EPSS 0.0008
Exploits 0 | References 1

Cvelist
added 2025/10/30 2:31 p.m. | 5 views

CVE-2025-5347 Stored XSS

Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Site Scripting in the reports module...

CVSS 6.3 | EPSS 0.0008
Exploits 0 | References 1

Positive Technologies
added 2025/10/30 12:00 a.m. | 3 views

PT-2025-44414

Name of the Vulnerable Software and Affected Versions: ManageEngine Exchange Reporter Plus versions prior to 5723. Description: ManageEngine Exchange Reporter Plus versions before 5723 are susceptible to Stored Cross Site Scripting within the reports module. This allows for the injection of maliciou...

CVSS 6.3 | AI score 6.2 | EPSS 0.0008
Exploits 0 | References 4

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-27624

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 3.8 | EPSS 0.00052
Exploits 1 | References 5

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2024-46755

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.5 | EPSS 0.01217
Exploits 0 | References 1