Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

4436 matches found

Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.7 views

PT-2026-39949

The iPOSpays Gateways WC plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.3.7. This is due to the plugin exposing a REST API endpoint /wp-json/ipospays/v1/save settings with 'permission callback' set to ' return true', which allows unauthenticated acce...

5.3CVSS5.8AI score0.00075EPSS
Exploits0References8
RedhatCVE
RedhatCVEadded 2026/05/11 8:27 p.m.8 views

CVE-2026-8221

A flaw has been found in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /inventory/item-save. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacte...

4.8CVSS4.2AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/11 8:27 p.m.9 views

CVE-2026-8220

A vulnerability was detected in Devs Palace ERP Online up to 4.0.0. This affects an unknown function of the file /inventory/customer-save. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted ear...

4.8CVSS4.2AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/11 8:27 p.m.6 views

CVE-2026-8219

A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. The impacted element is an unknown function of the file /inventory/supplier-save. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed publicl...

4.8CVSS4.2AI score0.00258EPSS
Exploits0References1
NVD
NVDadded 2026/05/11 5:16 p.m.10 views

CVE-2026-42845

The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0 , there is an unauthenticated page-content overwrite via file upload GHSA-w4rc-p66m-x6qq. Public form uploads now strip path components from the POST-supplied filename and hard-block page-content extensions md, yaml...

8.7CVSS0.00622EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/11 3:31 a.m.25 views

EUVD-2026-29018

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was...

4.8CVSS4.1AI score0.00202EPSS
Exploits0References5
EUVD
EUVDadded 2026/05/11 3:31 a.m.29 views

EUVD-2026-29011

A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. This vulnerability affects unknown code of the file /accounts/mr-save. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. T...

4.8CVSS4.1AI score0.00202EPSS
Exploits0References5
NVD
NVDadded 2026/05/11 2:16 a.m.33 views

CVE-2026-8262

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was...

4.8CVSS0.00202EPSS
Exploits0References4
NVD
NVDadded 2026/05/11 2:16 a.m.27 views

CVE-2026-8256

A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. This vulnerability affects unknown code of the file /accounts/mr-save. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. T...

4.8CVSS0.00202EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/11 1:45 a.m.3 views

CVE-2026-8262

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was...

4.8CVSS4.1AI score0.00202EPSS
Exploits0References4Affected Software1
Cvelist
Cvelistadded 2026/05/11 1:45 a.m.53 views

CVE-2026-8262 Devs Palace ERP Online chart-save cross site scripting

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was...

4.8CVSS0.00202EPSS
Exploits0References4
CVE
CVEadded 2026/05/11 1:45 a.m.16 views

CVE-2026-8262

CVE-2026-8262 affects Devs Palace ERP Online up to version 4.0.0. The issue involves manipulation of the file/function /accounts/chart-save that leads to cross-site scripting (XSS). The vulnerability is exploitable remotely over the network; the exploit is publicly available. Affected component: ...

4.8CVSS4.1AI score0.00202EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/11 1:45 a.m.6 views

CVE-2026-8262 Devs Palace ERP Online chart-save cross site scripting

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was...

4.8CVSS4.1AI score0.00202EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/11 12:31 a.m.28 views

EUVD-2026-29009

A security flaw has been discovered in Devs Palace ERP Online up to 4.0.0. Affected by this issue is some unknown functionality of the file /inventory/salessave. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the...

4.8CVSS4.2AI score0.00253EPSS
Exploits0References5
NVD
NVDadded 2026/05/11 12:16 a.m.54 views

CVE-2026-8253

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchasesave. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available a...

4.8CVSS0.00202EPSS
Exploits0References4
NVD
NVDadded 2026/05/11 12:16 a.m.11 views

CVE-2026-8254

A security flaw has been discovered in Devs Palace ERP Online up to 4.0.0. Affected by this issue is some unknown functionality of the file /inventory/salessave. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the...

4.8CVSS0.00253EPSS
Exploits0References4
CVE
CVEadded 2026/05/11 12:15 a.m.19 views

CVE-2026-8256

CVE-2026-8256 affects Devs Palace ERP Online up to version 4.0.0. The vulnerability occurs in unknown code within the file /accounts/mr-save and enables cross-site scripting (XSS) when the application is processed remotely. Public exploit information is present in the description, and the vendor ...

4.8CVSS4.1AI score0.00202EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/11 12:15 a.m.6 views

CVE-2026-8256 Devs Palace ERP Online mr-save cross site scripting

A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. This vulnerability affects unknown code of the file /accounts/mr-save. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. T...

4.8CVSS4.1AI score0.00202EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/05/11 12:0 a.m.12 views

PT-2026-39561

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was...

4.8CVSS4.1AI score0.00202EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/05/11 12:0 a.m.6 views

Devs Palace ERP Online 跨站脚本漏洞

Devs Palace ERP Online is a cloud-based enterprise resource planning and business management system developed by Devs Palace. Versions of Devs Palace ERP Online 4.0.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from operations on unknown code located in...

4.8CVSS5.7AI score0.00202EPSS
Exploits0References1
Rows per page
Query Builder