Lucene search
K

1131353 matches found

CVE
CVE
added yesterday28 views

CVE-2026-47730

Twig: XSS in Twig\Profiler\Dumper\HtmlDumper allows attacker-controlled template/profile names to inject HTML in profiler output due to unescaped getTemplate()/getName() data. Affects Twig 3.0.0–3.26.0; fixed in 3.26.0 by escaping these values via htmlspecialchars(). No exploit details provided b...

5.1CVSS6.2AI score0.00037EPSS
Exploits0References3
EUVD
EUVD
added yesterday3 views

EUVD-2026-44554

ColdFusion is affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user...

8.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday34 views

CVE-2026-49978

CVE-2026-49978 affects DOMPurify, where IN_PLACE sanitization before version 3.4.7 could skip shadow contents inside a .content, allowing attacker-controlled markup (e.g., event handlers, JavaScript URLs, scripts) to survive during cloning and insertion of sanitized templates. The issue is fixed ...

6.3CVSS6.1AI score0.00038EPSS
Exploits0References3
CVE
CVE
added yesterday52 views

CVE-2026-49459

CVE-2026-49459 affects DOMPurify prior to 3.4.6, where IN_PLACE mode could retain event-handler attributes on an attacker‑controlled root DOM due to _isClobbered logic and incomplete removal paths. Affected component: DOMPurify.sanitize(root, { IN_PLACE: true }) with a clobbered root form. Conseq...

6.1CVSS6.1AI score0.00042EPSS
Exploits0References3
CVE
CVE
added yesterday5 views

CVE-2026-47999

CVE-2026-47999 describes a stored Cross-Site Scripting (XSS) flaw in Adobe Commerce . A high-privilege attacker can inject malicious scripts into vulnerable form fields, with JavaScript potentially executing in a victim’s browser when loading the page containing the affected field. The CVSS metri...

4.8CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-47995

Technical details such as affected versions, vulnerable components, exploit methods, or remediation steps are not provided in the supplied documents. Monitor for updates from Adobe/NVD for concrete technical information.

8.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-48371

Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability. The issue allows a low-privilege attacker to inject malicious scripts into vulnerable form fields, with malicious JavaScript potentially executing in a victim’s browser when visiting the page containing the vulnerabl...

5.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-47994

Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability (CVE-2026-47994). The issue allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, with malicious JavaScript potentially executing in a victim’s browser when visiting the page contai...

8.7CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-48263

CVE-2026-48263 : Adobe Experience Manager is affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. The issue allows a low-privileged attacker to inject malicious scripts, which may execute in a victim’s browser when visiting a page containing the vulnerable fiel...

5.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-48260

Adobe Experience Manager is affected by a DOM-based XSS vulnerability (CVE-2026-48260). The issue allows an attacker to manipulate the DOM to execute malicious JavaScript in the victim’s browser. Exploitation requires user interaction (victim visits a crafted page). CVSS v3.1: AV:N/AC:L/PR:L/UI:R...

5.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-48355

Adobe Experience Manager is affected by a stored XSS vulnerability (CVE-2026-48355) that allows a low-privileged attacker to inject JavaScript into vulnerable form fields, with victim browsers executing the script when visiting the affected page. The CVSS v3.1 base score is 5.4 (Medium) with netw...

5.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-48261

Adobe Experience Manager is affected by a DOM-based XSS vulnerability. An attacker could manipulate the DOM to execute JavaScript in the victim’s browser, with user interaction required (victim visits a crafted page). The vulnerability is scope-changed; CVSS 3.1 base score 5.4 (MEDIUM) with NETWO...

5.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-48253

CVE-2026-48253 affects Adobe Experience Manager and describes a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could cause malicious JavaScript to execute in the victim’s browser by manipulating the DOM; exploitation requires user interaction (the victim visits a crafted page). T...

5.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-48262

Adobe Experience Manager is affected by a DOM-based XSS vulnerability (CVE-2026-48262). The issue involves manipulating the DOM to execute malicious JavaScript in the victim’s browser, with exploitation requiring user interaction (victim visits a crafted page). CVSS 3.1 base score 5.4 (Medium): A...

5.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-48255

CVE-2026-48255 affects Adobe Experience Manager with a DOM-based Cross-Site Scripting (XSS) vulnerability. The issue arises from manipulating the DOM to execute malicious JavaScript in the victim’s browser, requiring user interaction (victim visits a crafted webpage). CVSS 3.1 metrics indicate Ne...

5.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-48257

CVE-2026-48257 : Adobe Experience Manager is affected by a DOM-based XSS vulnerability. An attacker could manipulate the DOM to run malicious JavaScript in the victim’s browser, with exploitation requiring the user to visit a crafted webpage. The CVSS v3.1 base score is 5.4 (Medium) with network ...

5.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-48254

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-48254.

5.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday23 views

CVE-2026-45072

Summary: CVE-2026-45072 affects Symfony (PHP framework) via the WebProfiler/CodeExtension::fileExcerpt() in the profiler. The vulnerability arises because the profiler’s file_excerpt filter escapes PHP files with highlight_string() but injects non-PHP file lines directly into elements without es...

2CVSS6.1AI score0.00062EPSS
Exploits0References5
CVE
CVE
added yesterday4 views

CVE-2026-15715

CVE-2026-15715 affects SourceCodester Class and Exam Timetabling System 1.0. The vulnerability targets the file /exam.php where manipulating the argument day enables cross-site scripting. It can be exploited remotely, and a publicly available exploit exists. The available documents do not specify...

5.3CVSS4.7AI score
Exploits0References7
CVE
CVE
added yesterday13 views

CVE-2026-23573

Technical details for CVE-2026-23573 are not publicly available in the provided documents. Monitor for updates from Fortinet PSIRTs and NVD for affected products and fixes.

6.1CVSS6.2AI score
Exploits0References1Affected Software3
Rows per page
Query Builder