
222284 matches found

Positive Technologies
added 2026/03/21 12:0 a.m., 4 views

PT-2026-26839

The Ed's Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eds font awesome shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 6 | EPSS 0.00243
Exploits: 0 | References: 5

EUVD
added 2026/03/20 3:31 p.m., 1 view

EUVD-2026-13694

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A stored cross-site scripting XSS vulnerability exists in the Zimbra Briefcase feature due to insufficient sanitization of specific uploaded file types. When a user opens a publicly shared Briefcase file containing malicious...

AI score 5.8 | EPSS 0.00205
Exploits: 0 | References: 5

Veracode
added 2026/03/20 7:30 a.m., 6 views

Cross Site Scripting (XSS)

code.gitea.io/gitea is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper validation of URL schemes in links, which allows an attacker to inject malicious javascript: URLs and execute arbitrary scripts in a user's browser...

CVSS 5.4 | AI score 7.5 | EPSS 0.00222
Exploits: 0 | References: 5 | Affected Software: 2

Cvelist
added 2026/03/20 12:0 a.m., 22 views

CVE-2026-33370

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A stored cross-site scripting XSS vulnerability exists in the Zimbra Briefcase feature due to insufficient sanitization of specific uploaded file types. When a user opens a publicly shared Briefcase file containing malicious...

EPSS 0.00205
Exploits: 0 | References: 4

CVE
added 2026/03/20 12:0 a.m., 4 views

CVE-2026-33370

CVE-2026-33370 : In Zimbra Collaboration (ZCS) 10.0 and 10.1, the Briefcase feature is affected by a stored XSS due to insufficient sanitization of specific uploaded file types. When a user opens a publicly shared Briefcase file containing malicious scripts, the embedded JavaScript can execute in...

CVSS 6.1 | AI score 5.8 | EPSS 0.00205
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2026/03/19 11:16 p.m., 3 views

CVE-2026-30874

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...

CVSS 7.8 | EPSS 0.00296
Exploits: 0 | References: 2

Cvelist
added 2026/03/19 10:36 p.m., 17 views

CVE-2026-30874 OpenWrt procd PATH Environment Variable Filter Bypass via Incorrect String Comparison Leads to Privilege Escalation

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...

CVSS 1.8 | EPSS 0.00296
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/19 10:36 p.m., 6 views

CVE-2026-30874 OpenWrt procd PATH Environment Variable Filter Bypass via Incorrect String Comparison Leads to Privilege Escalation

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...

CVSS 1.8 | AI score 5.8 | EPSS 0.00296
Exploits: 0 | References: 2

CVE
added 2026/03/19 10:36 p.m., 14 views

CVE-2026-30874

OpenWrt procd PATH environment variable filter bypass (CVE-2026-30874). In OpenWrt versions prior to 24.10.6, hotplug_call does not exclude PATH due to a strcmp vs strncmp bug, allowing a local attacker to influence which binaries are executed by procd-invoked scripts with elevated privileges, po...

CVSS 7.8 | AI score 5.8 | EPSS 0.00296
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2026/03/19 8:56 p.m., 5 views

EUVD-2026-13194

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a cross-site scripting vulnerability that arises because the system trusts the raw output from an AI Large Language Model LLM and renders it using htmlSafe in the Review Queue interfa...

CVSS 5.1 | AI score 5.7 | EPSS 0.00324
Exploits: 0 | References: 4

EUVD
added 2026/03/19 9:30 a.m., 2 views

EUVD-2026-13075

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may allow the attacker steal cookie-based authentication credential...

CVSS 5.4 | AI score 5.8 | EPSS 0.00164
Exploits: 0 | References: 2

NVD
added 2026/03/19 9:16 a.m., 3 views

CVE-2026-21788

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may allow the attacker steal cookie-based authentication credential...

CVSS 5.4 | EPSS 0.00164
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/19 4:27 a.m., 2 views

CVE-2026-1238

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fh' fingerprint parameter in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 7.2 | AI score 6 | EPSS 0.00255
Exploits: 0 | References: 5

EUVD
added 2026/03/19 3:30 a.m., 4 views

EUVD-2026-13016

OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text...

CVSS 6.7 | AI score 6.1 | EPSS 0.0013
Exploits: 0 | References: 4

OSV
added 2026/03/19 3:30 a.m., 2 views

GHSA-G87J-GM7P-6VW2 Duplicate Advisory: OpenClaw's Node system.run approval hardening wrapper semantic drift can execute unintended local scripts

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h3rm-6x7g-882f. This link is maintained to preserve external references. Original Description OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting...

CVSS 6.7 | AI score 6 | EPSS 0.0013
Exploits: 0 | References: 4

Github Security Blog
added 2026/03/19 3:30 a.m., 8 views

Duplicate Advisory: OpenClaw's Node system.run approval hardening wrapper semantic drift can execute unintended local scripts

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h3rm-6x7g-882f. This link is maintained to preserve external references. Original Description OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting...

CVSS 6.7 | AI score 6 | EPSS 0.0013
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/03/19 2:16 a.m., 1 view

CVE-2026-31999

OpenClaw versions 2026.2.26 prior to 2026.3.1 on Windows contain a current working directory injection vulnerability in wrapper resolution for .cmd/.bat files that allows attackers to influence execution behavior through cwd manipulation. Remote attackers can exploit improper shell execution...

CVSS 7.8 | AI score 6.1
Exploits: 0 | References: 2

OSV
added 2026/03/19 2:16 a.m., 3 views

CVE-2026-29608

OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text...

CVSS 6.7 | AI score 6.2
Exploits: 0 | References: 3

NVD
added 2026/03/19 2:16 a.m., 4 views

CVE-2026-29608

OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text...

CVSS 6.7 | EPSS 0.0013
Exploits: 0 | References: 3

CVE
added 2026/03/19 1:0 a.m., 9 views

CVE-2026-29608

OpenClaw 2026.3.1 contains an approval-integrity vulnerability in the system.run node-host path where argv rewriting changes the executed command. The issue allows an attacker to place a local script in the approved working directory and have it run instead of the text shown to the operator, desp...

CVSS 6.7 | AI score 6.1 | EPSS 0.0013
Exploits: 0 | References: 3 | Affected Software: 1