Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1126963 matches found

CVE
CVEadded 2026/06/01 11:45 p.m.14 views

CVE-2026-10514

CVE-2026-10514 affects 1Panel-dev CordysCRM versions up to 1.6.2. The vulnerability targets an unknown function in backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java, enabling cross-site scripting. Remote exploitation is possible, and the exploit has been disclosed publi...

4.8CVSS4.1AI score0.00046EPSS
Exploits0References9
ATTACKERKB
ATTACKERKBadded 2026/06/01 11:45 p.m.7 views

CVE-2026-10514

A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...

4.8CVSS4.1AI score0.00046EPSS
Exploits0References9Affected Software1
Cvelist
Cvelistadded 2026/06/01 11:45 p.m.34 views

CVE-2026-10514 1Panel-dev CordysCRM RequestParamTrimConfig.java cross site scripting

A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...

4.8CVSS0.00046EPSS
Exploits0References9
Vulnrichment
Vulnrichmentadded 2026/06/01 11:45 p.m.8 views

CVE-2026-10514 1Panel-dev CordysCRM RequestParamTrimConfig.java cross site scripting

A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...

4.8CVSS4.1AI score0.00046EPSS
Exploits0References9
GithubExploit
GithubExploitadded 2026/06/01 11:20 p.m.64 views

htb-myexpense-writeup

htb-myexpense...

5.8AI score
Exploits0
NVD
NVDadded 2026/06/01 11:16 p.m.10 views

CVE-2026-24752

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

8.2CVSS0.00037EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/06/01 11:15 p.m.10 views

CVE-2026-10301

A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument page results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...

5.3CVSS4.3AI score0.00039EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichmentadded 2026/06/01 11:15 p.m.7 views

CVE-2026-10301 itsourcecode Fees Management System index.php cross site scripting

A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument page results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...

5.3CVSS4.3AI score0.00039EPSS
Exploits0References6
CVE
CVEadded 2026/06/01 11:15 p.m.12 views

CVE-2026-10301

The CVE-2026-10301 entry concerns itsourcecode Fees Management System 1.0. The vulnerability is in an unknown function of index.php, where manipulating the argument page leads to cross-site scripting. The attack vector is remote, and exploitation is public. The available metrics indicate a mix of...

5.3CVSS4.3AI score0.00039EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/06/01 11:15 p.m.34 views

CVE-2026-10301 itsourcecode Fees Management System index.php cross site scripting

A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument page results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...

5.3CVSS0.00039EPSS
Exploits0References6
RedhatCVE
RedhatCVEadded 2026/06/01 10:3 p.m.9 views

CVE-2026-36324

SourceCodester Doctor Appointment System 1.0 is vulnerable to Cross Site Scripting XSS due to improper handling of user supplied input in the user registration functionality in register.php...

6.1CVSS5.8AI score0.00031EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/01 10:3 p.m.8 views

CVE-2026-10173

A weakness has been identified in Orthanc Explorer 2 up to 1.12.0. The impacted element is an unknown function of the file WebApplication/src/components/StudyList.vue of the component URL Handler. This manipulation of the argument remote-source causes cross site scripting. It is possible to...

5.3CVSS4.2AI score0.00039EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/01 10:3 p.m.9 views

CVE-2026-10112

A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

4.8CVSS4AI score0.00032EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/06/01 9:46 p.m.7 views

CVE-2026-24754

Kiteworks is a private data network PDN. Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

5.4CVSS6.1AI score0.0003EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/06/01 9:46 p.m.13 views

CVE-2026-24754

CVE-2026-24754 affects Kiteworks, where a stored XSS vulnerability exists in Secure Data Forms prior to version 9.3.0. An authenticated attacker could execute arbitrary JavaScript in other users’ sessions. The issue is mitigated by upgrading to Kiteworks version 9.3.0 or later, which provides a p...

5.4CVSS6.1AI score0.0003EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/06/01 9:46 p.m.8 views

CVE-2026-24754 Kiteworks Secure Data Forms Vulnerable to Cross-site Scripting

Kiteworks is a private data network PDN. Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

5.4CVSS6.1AI score0.0003EPSS
Exploits0References1
EUVD
EUVDadded 2026/06/01 9:46 p.m.8 views

EUVD-2026-33837

Kiteworks is a private data network PDN. Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

5.4CVSS6.1AI score0.0003EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/01 9:43 p.m.26 views

CVE-2026-24752 Kiteworks Secure Data Forms Vulnerable to Cross-site Scripting

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

8.2CVSS0.00037EPSS
Exploits0References1
CVE
CVEadded 2026/06/01 9:43 p.m.13 views

CVE-2026-24752

CVE-2026-24752 affects Kiteworks Secure Data Forms prior to version 9.3.0. A reflected XSS could cause a user to execute arbitrary JavaScript, with patch provided in 9.3.0+. CVSSv3.1 base score 8.2 (HIGH): attack vector NETWORK, privileges required NONE, user interaction REQUIRED, scope CHANGED, ...

8.2CVSS5.9AI score0.00037EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/06/01 9:43 p.m.8 views

CVE-2026-24752

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

8.2CVSS5.9AI score0.00037EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder