28 matches found

NVD
added 2025/05/23 4:15 p.m. · 10 views

CVE-2025-48378

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts, and if rendered inline those scripts could run, allowing XSS attacks. Version 9.13.9 fixes the issue...

CVSS 6.1 · EPSS 0.00055
Exploits: 0 · References: 2

Positive Technologies
added 2023/09/08 12:0 a.m. · 4 views

PT-2023-27903 · Unknown · Matrix Media Repo

Name of the Vulnerable Software and Affected Versions: matrix-media-repo versions prior to 1.3.0
Description: The issue allows an attacker to upload malicious media to the media repository, which is then served with Content-Disposition: inline upon download. This can be leveraged to execute scrip...

CVSS 5.4 · AI score 7.4 · EPSS 0.00623
Exploits: 0 · References: 13

SUSE CVE
added 2023/02/15 5:22 a.m. · 2 views

SUSE CVE-2015-1218

Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement of a SCRIPT element to different documents,...

CVSS 7.5 · AI score 9.7 · EPSS 0.01214
Exploits: 0 · References: 4

Vulnrichment
added 2022/09/23 7:55 a.m. · 4 views

CVE-2022-39239 netlify-ipx subject to Server-Side Request Forgery and Stored Cross-Site Scripting via Cache Poisoning and Improper Host Validation

netlify-ipx is an on-demand image optimization for Netlify using ipx. In versions prior to 1.2.3, an attacker can bypass the source image domain allowlist by sending specially crafted headers, causing the handler to load and return arbitrary images. Because the response is cached globally, this...

CVSS 6.1 · AI score 6.2 · EPSS 0.00179
Exploits: 0 · References: 1

Mozilla
added 2022/06/28 12:0 a.m. · 429 views

Security Vulnerabilities fixed in Firefox 102 — Mozilla

A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. This bug only affects Firefox for Linux. Other operating systems are unaffected. Session history navigations may...

CVSS 9.8 · AI score 0.6 · EPSS 0.00645
Exploits: 0 · References: 25 · Affected Software: 1

CNNVD
added 2021/04/27 12:0 a.m. · 3 views

Kirby cross-site scripting vulnerability

Kirby is a file-based content management system (CMS). Kirby suffers from a cross-site scripting vulnerability that allows a write-access editor to upload SVG files containing harmful content such as "script" tags...

CVSS 7.6 · AI score 6.2 · EPSS 0.0112
Exploits: 4 · References: 7

Positive Technologies
added 2018/03/20 12:0 a.m. · 4 views

PT-2018-18636 · Opencms · Opencms

Name of the Vulnerable Software and Affected Versions: OpenCMS version 10.5.3
Description: A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation. The system stores uploaded content, such ...

CVSS 8.8 · AI score 9.4 · EPSS 0.00157
Exploits: 5 · References: 5

OSV
added 2016/12/15 6:59 a.m. · 2 views

CVE-2016-6844

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files "in browser" based on our Mail or Drive app. In case of "a" tags, this may include link targets with base64 encoded "data" references. Malicious script code c...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 2