Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1123454 matches found

Patchstack
Patchstackadded last week9 views

WordPress WP Nano AD plugin <= 1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by siyuan shao in WordPress Plugin WP Nano AD versions = 1.31...

5.5CVSS5.8AI score0.00028EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded last week9 views

WordPress DeMomentSomTres Shortcodes plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin DeMomentSomTres Shortcodes versions = 1.1.1...

6.4CVSS5.8AI score0.00029EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichmentadded last week7 views

CVE-2026-24751 Kiteworks Secure Data Forms Vulnerable to Cross-site Scripting

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

8.2CVSS5.9AI score0.00037EPSS
Exploits0References1
CVE
CVEadded last week9 views

CVE-2026-24751

Kiteworks CVE-2026-24751 is a reflected XSS in Kiteworks Secure Data Forms present before version 9.3.0. An attacker could induce a user to execute arbitrary JavaScript via a crafted input, over a network, with user interaction required. The vulnerability’s impact includes high confidentiality ri...

8.2CVSS5.9AI score0.00037EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded last week7 views

EUVD-2026-33749

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

8.2CVSS5.9AI score0.00037EPSS
Exploits0References1
Cvelist
Cvelistadded last week22 views

CVE-2026-24751 Kiteworks Secure Data Forms Vulnerable to Cross-site Scripting

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

8.2CVSS0.00037EPSS
Exploits0References1
Debian
Debianadded last week7 views

[SECURITY] [DSA 6317-1] symfony security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6317-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 01, 2026 https://www.debian.org/security/faq -...

7.3CVSS7.4AI score0.85051EPSS
Exploits0
NVD
NVDadded last week10 views

CVE-2026-42676

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

6.5CVSS0.00034EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletinsadded last week8 views

Security Bulletin: The Log Source Management App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Log Source Management App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2025-15599 DESCRIPTION: DOMPurify...

9.8CVSS7.2AI score0.0008EPSS
Exploits2Affected Software1
RedhatCVE
RedhatCVEadded last week8 views

CVE-2026-10153

A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack i...

5.3CVSS4.4AI score0.00035EPSS
Exploits0References1
EUVD
EUVDadded last week3 views

EUVD-2024-54949

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Akinsoft MyRezzta allows Cross-Site Scripting XSS. This issue affects MyRezzta: from s2.02.02 before v2.05.01...

4.3CVSS5.8AI score0.00043EPSS
Exploits0References3
EUVD
EUVDadded last week3 views

EUVD-2024-54947

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Akınsoft QR Menü allows Cross-Site Scripting XSS. This issue affects QR Menü: from s1.05.05 before v1.05.12...

4.3CVSS5.8AI score0.00043EPSS
Exploits0References3
CVE
CVEadded last week8 views

CVE-2026-42676

The CVE-2026-42676 entry documents a Stored XSS vulnerability in the WordPress myCred plugin, affecting versions from n/a through 3.0.4. The root cause is improper input neutralization during web page generation, enabling injected scripts to be stored and served in pages. Multiple connected sourc...

6.5CVSS5.8AI score0.00034EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded last week5 views

CVE-2026-42676 WordPress myCred plugin <= 3.0.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

6.5CVSS5.8AI score0.00034EPSS
Exploits0References1
EUVD
EUVDadded last week6 views

EUVD-2026-33687

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

6.5CVSS5.8AI score0.00034EPSS
Exploits0References1
NVD
NVDadded last week11 views

CVE-2026-48839

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP Statistics allows DOM-Based XSS. This issue affects WP Statistics: from n/a through 14.16.6...

7.1CVSS0.00036EPSS
Exploits0References1
NVD
NVDadded last week12 views

CVE-2026-48559

Lightweight Music Server LMS though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...

5.4CVSS0.00031EPSS
Exploits1References4
NVD
NVDadded last week8 views

CVE-2026-42683

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8...

7.1CVSS0.00036EPSS
Exploits0References1
NVD
NVDadded last week15 views

CVE-2026-42681

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in E2Pdf.Com e2pdf allows Reflected XSS. This issue affects e2pdf: from n/a through 1.32.14...

7.1CVSS0.00036EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded last week8 views

CVE-2026-42678 WordPress GiveWP plugin <= 4.14.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liquid Web / StellarWP GiveWP allows DOM-Based XSS. This issue affects GiveWP: from n/a through 4.14.5...

7.1CVSS5.8AI score0.00036EPSS
Exploits0References1
Rows per page
Query Builder