
20085 matches found

CVE
added 2 hours ago, 7 views

CVE-2026-13733

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'nodatamsg' Shortcode Attribute in all versions up to, and including, 3.3.60 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | AI score 5.9
Exploits: 0 | References: 8

EUVD
added 5 hours ago, 4 views

EUVD-2026-40902

The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'algwccpginputfields' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 7.2 | AI score 5.9
Exploits: 0 | References: 8

EUVD
added 6 hours ago, 4 views

EUVD-2026-40889

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'conversation' parameter in all versions up to, and including, 8.4.9 due to insufficient input sanitization and output escaping. This makes it possible f...

CVSS 7.2 | AI score 5.9
Exploits: 0 | References: 7

EUVD
added 9 hours ago, 4 views

EUVD-2026-40834

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Chromium security severity: Low...

AI score 6
Exploits: 0 | References: 3

EUVD
added 9 hours ago, 4 views

EUVD-2026-40770

Insufficient validation of untrusted input in HTML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Chromium security severity: Low...

AI score 6
Exploits: 0 | References: 3

EUVD
added 9 hours ago, 3 views

EUVD-2026-40689

Inappropriate implementation in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Chromium security severity: Medium...

AI score 6
Exploits: 0 | References: 3

EUVD
added 9 hours ago, 3 views

EUVD-2026-40688

Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Chromium security severity: Medium...

AI score 6
Exploits: 0 | References: 3

EUVD
added 9 hours ago, 3 views

EUVD-2026-40634

Inappropriate implementation in ScriptInjections in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

AI score 5.8
Exploits: 0 | References: 3

EUVD
added 9 hours ago, 4 views

EUVD-2026-40522

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Chromium security severity: High...

AI score 6
Exploits: 0 | References: 3

EUVD
added 9 hours ago, 4 views

EUVD-2026-40498

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Chromium security severity: High...

AI score 6
Exploits: 0 | References: 3

CVE
added yesterday, 3 views

CVE-2026-14147

CVE-2026-14147 : This vulnerability affects Google Chrome’s CSS handling prior to version 150.0.7871.47, where an inappropriate implementation could allow a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. The root cause is an implementation issue in CSS process...

AI score 6
Exploits: 0 | References: 2

CVE
added yesterday, 5 views

CVE-2026-14145

In Google Chrome, an inappropriate CSS implementation allows UXSS: a remote attacker can inject arbitrary scripts/HTML via a crafted HTML page. Affected product: desktop Chrome versions prior to 150.0.7871.47. Root cause: CSS handling vulnerability described as an improper implementation. Impact:...

AI score 6
Exploits: 0 | References: 2

CVE
added yesterday, 4 views

CVE-2026-14001

CVE-2026-14001 affects Google Chrome prior to 150.0.7871.47. The issue is an inappropriate implementation in the Network component that allows a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. This is described as a Medium severity vulnerability. A patch is ind...

AI score 6
Exploits: 0 | References: 2

CVE
added yesterday, 5 views

CVE-2026-14000

CVE-2026-14000 affects Google Chrome versions prior to 150.0.7871.47 due to an inappropriate XML implementation. The flaw enables a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page, as documented in the NVD/CVELIST entries. Affected software is Google Chrome (Chr...

AI score 6
Exploits: 0 | References: 2

CVE
added yesterday, 4 views

CVE-2026-13977

CVE-2026-13977 describes an inappropriate implementation in Chrome’s HTMLParser that allows a remote attacker to perform UXSS (script/HTML injection) via a crafted HTML page, affecting Chrome versions prior to 150.0.7871.47. The vulnerability is driven by the HTMLParser handling vulnerabilities i...

AI score 6
Exploits: 0 | References: 2

CVE
added yesterday, 5 views

CVE-2026-13836

CVE-2026-13836 : In Google Chrome, an inappropriate CSS implementation prior to version 150.0.7871.47 allows a remote attacker to perform UXSS by presenting a crafted HTML page. This affects Chrome’s rendering/CSS handling and could enable arbitrary script/HTML injection. The available connected ...

AI score 6
Exploits: 0 | References: 2

Cvelist
added yesterday, 19 views

CVE-2026-48315 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gainin...

CVSS 9.3
Exploits: 0 | References: 1

Nuclei
added yesterday, 12 views

WSO2 - Server Side Request Forgery

WSO2 products contain SSRF and reflected XSS vulnerabilities in the deprecated Try-It feature accessible only to administrative users, caused by improper URL validation and direct content reflection, letting attackers trick admins into executing arbitrary JavaScript and querying internal services...

CVSS 5.9 | AI score 5.9 | EPSS 0.00583
Exploits: 0 | References: 1

Nuclei
added yesterday, 36 views

osTicket < 1.10.2 - Cross-Site Scripting

Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. id: CVE-2018-7196 info: name: osTicket 1.10.2 - Cross-Site Scripting author: ritikchaddha severity: medium...

CVSS 6.1 | AI score 6.6 | EPSS 0.02482
Exploits: 1 | References: 2

Nuclei
added yesterday, 24 views

CandidATS 3.0.0 - Cross-Site Scripting

CandidATS 3.0.0 contains a cross-site scripting vulnerability via the page parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

CVSS 6.1 | AI score 6.4 | EPSS 0.01071
Exploits: 1 | References: 5