7 matches found
CVE-2026-7481
GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScript in other users' browsers due to improper input...
CVE-2026-22637
CVE-2026-22637 is associated with Grafana XY Chart Plugin. The Red Hat entry and PT--security advisory describe a DOM-based XSS vulnerability where a user with Editor permissions can modify a panel to execute arbitrary JavaScript. Affected component: Grafana XY Chart Plugin; attack vector involve...
CVE-2026-0601
A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction...
Cross-site Scripting (XSS)
Overview: Kentico.Xperience.AspNetCore.WebApp provides the assemblies and content items required to integrate Kentico Xperience into ASP.NET Core applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper processing of page preview URLs. An authenticated...
PT-2025-39860
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 11.4 and below. Description: A reflected cross-site scripting issue exists in Esri Portal for ArcGIS. A remote attacker with administrative access can potentially execute arbitrary JavaScript code in a user's...
CVE-2025-55103
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject a malicious file with an embedded XSS script which, when loaded, could potentially execute arbitrary JavaScript code in th...
CVE-2025-48877
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, Codepen is present in the default allowed_iframes site setting, and it can potentially auto-run arbitrary JS...