Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

286 matches found

NVD
NVDadded 2 hours ago3 views

CVE-2026-47344

When ALLOWINSECURERAWTEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

2.1CVSS
Exploits0References2
RedhatCVE
RedhatCVEadded 3 days ago5 views

CVE-2026-8139

Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with vector...

5.4CVSS5.4AI score0.00022EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 3 days ago6 views

CVE-2026-23758

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subject field that allows authenticated staff members to inject malicious JavaScript by manipulating the editsubject POST parameter. Attackers can inject XSS payloads through inadequate sanitization in...

6.4CVSS5.6AI score0.00034EPSS
Exploits0References1
OSV
OSVadded 4 days ago5 views

GHSA-2FHX-Q92V-5FHV WWBN AVideo: Stored XSS via autoEvalCodeOnHTML Bypass in MessageSQLite WebSocket Handler (CVE-2026-43874 Bypass)

AVideo: Stored XSS via autoEvalCodeOnHTML in MessageSQLite WebSocket Handler Summary AVideo has a stored XSS vulnerability in the WebSocket messaging system. The MessageSQLite.php handler only strips autoEvalCodeOnHTML from $json'msg', but msgToResourceId reads from $msg'json' with higher priorit...

7.7CVSS6AI score
Exploits0References3
Github Security Blog
Github Security Blogadded 4 days ago7 views

WWBN AVideo: Stored XSS via autoEvalCodeOnHTML Bypass in MessageSQLite WebSocket Handler (CVE-2026-43874 Bypass)

AVideo: Stored XSS via autoEvalCodeOnHTML in MessageSQLite WebSocket Handler Summary AVideo has a stored XSS vulnerability in the WebSocket messaging system. The MessageSQLite.php handler only strips autoEvalCodeOnHTML from $json'msg', but msgToResourceId reads from $msg'json' with higher priorit...

7.2CVSS6AI score0.00023EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologiesadded 4 days ago9 views

PT-2026-46842

AVideo: Stored XSS via autoEvalCodeOnHTML in MessageSQLite WebSocket Handler Summary AVideo has a stored XSS vulnerability in the WebSocket messaging system. The MessageSQLite.php handler only strips autoEvalCodeOnHTML from $json'msg', but msgToResourceId reads from $msg'json' with higher priorit...

7.7CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologiesadded 4 days ago8 views

PT-2026-46893

AVideo: Stored XSS via autoEvalCodeOnHTML in MessageSQLite WebSocket Handler Summary AVideo has a stored XSS vulnerability in the WebSocket messaging system. The MessageSQLite.php handler only strips autoEvalCodeOnHTML from $json'msg', but msgToResourceId reads from $msg'json' with higher priorit...

7.7CVSS6AI score
Exploits0References4
GithubExploit
GithubExploitadded 5 days ago48 views

Exploit for Prototype Pollution in Cure53 Dompurify

DOMPurify re-clone bypass. Instead of relying on easily str...

9.8CVSS7AI score0.02592EPSS
Exploits2
SUSE CVE
SUSE CVEadded 6 days ago7 views

SUSE CVE-2026-25681

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00031EPSS
Exploits0References3
OSV
OSVadded 2026/06/01 2:7 p.m.3 views

GHSA-87XG-PXX2-7HVX DOMPurify XSS via selectedcontent re-clone

Summary DOMPurify 3.4.4 allows selectedcontent by default, allowing a chain in which browsers "re-clone" an XSS payload after sanitization, effectively bypassing DOMPurify. Details The chain is as follows: 1. The browser parses the input and creates a clone from the selected 2. DOMPurify walks an...

8.2CVSS5.8AI score
Exploits0References2
EUVD
EUVDadded 2026/05/29 6:58 a.m.8 views

EUVD-2026-33256

An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands...

7.1CVSS6AI score0.00033EPSS
Exploits0References1
Veracode
Veracodeadded 2026/05/29 4:37 a.m.7 views

Stored Cross-Site Scripting (XSS)

TinyMCE is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of forged mce:protected comments, which allows an attacker to bypass content sanitization and inject malicious scripts that execute when the protected content is restored...

8.7CVSS5.9AI score0.00032EPSS
Exploits0References4Affected Software2
Snyk
Snykadded 2026/05/28 4:50 p.m.5 views

Cross-site Scripting (XSS)

Overview tinymce/tinymce is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the mce:protected comments. An attacker can execute arbitrary scripts in the context of affected users by injecting malicious content th...

8.7CVSS5.9AI score0.00032EPSS
Exploits0References2
Snyk
Snykadded 2026/05/28 4:50 p.m.6 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:tinymce is a WebJar for tinymce. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the mce:protected comments. An attacker can execute arbitrary scripts in the context of affected users by injecting malicious content that bypasses sanitizati...

8.7CVSS5.9AI score0.00032EPSS
Exploits0References2
Snyk
Snykadded 2026/05/28 4:50 p.m.6 views

Cross-site Scripting (XSS)

Overview TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the mce:protected comments. An attacker can execute arbitrary scripts in the context of affected users by injecting malicious content that...

8.7CVSS5.9AI score0.00032EPSS
Exploits0References2
Snyk
Snykadded 2026/05/28 4:50 p.m.7 views

Cross-site Scripting (XSS)

Overview tinymce is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the mce:protected comments. An attacker can execute arbitrary scripts in the context of affected users by injecting malicious content that...

8.7CVSS5.9AI score0.00032EPSS
Exploits0References2
NVD
NVDadded 2026/05/28 4:16 p.m.11 views

CVE-2026-47762

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. Thi...

8.7CVSS0.00032EPSS
Exploits0References3
OSV
OSVadded 2026/05/28 4:16 p.m.4 views

UBUNTU-CVE-2026-47762

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. Thi...

8.7CVSS5.9AI score0.00032EPSS
Exploits0References5
CVE
CVEadded 2026/05/28 3:21 p.m.22 views

CVE-2026-47762

CVE-2026-47762 affects TinyMCE, a widely used open source rich text editor. The flaw is a stored XSS via forged mce:protected comments present before version 5.11.1, 7.9.3, and 8.5.1. An attacker could bypass sanitization and insert scripts that execute when content is restored, impacting users w...

8.7CVSS5.9AI score0.00032EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/28 3:21 p.m.13 views

CVE-2026-47762

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. Thi...

8.7CVSS5.9AI score0.00032EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder