Lucene search
+L

678 matches found

malwarebytes
malwarebytes
added 2026/03/09 1:7 p.m.7 views

Fake Claude Code install pages hit Windows and Mac users with infostealers

Attackers are cloning install pages for popular tools like Claude Code and swapping the “one‑liner” install commands with malware, mainly to steal passwords, cookies, sessions, and access to developer environments. Modern install guides often tell you to copy a single command like curl...

5.8AI score
Exploits0
attackerkb
attackerkb
added 2026/03/09 9:4 a.m.3 views

CVE-2025-40638

A reflected Cross-Site Scripting XSS vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the 'name' parameter in '/search-results'. This vulnerability can be exploited to steal...

5.1CVSS5.8AI score0.00205EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/03/07 7:59 a.m.7 views

CVE-2025-59542

Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting XSS vulnerability. By injecting malicious JavaScript into the course learning path Settings field, an attacker with a low-privileged account e.g., trainer can execute arbitrary JavaScript cod...

9CVSS5.9AI score0.00299EPSS
Exploits0References1
nvd
nvd
added 2026/03/06 4:16 a.m.7 views

CVE-2025-59542

Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting XSS vulnerability. By injecting malicious JavaScript into the course learning path Settings field, an attacker with a low-privileged account e.g., trainer can execute arbitrary JavaScript cod...

9CVSS0.00299EPSS
Exploits0References2
cnvd
cnvd
added 2026/03/02 12:0 a.m.5 views

Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14354)

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the outgoing.cgi endpoint in the MACHINE and MACHINECOMMENT parameters of the user-supplied data lack of effective...

6.1CVSS5.9AI score0.00225EPSS
Exploits1References1
cvelist
cvelist
added 2026/02/25 7:30 p.m.24 views

CVE-2026-25733 Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the Custom Rules function of the WebUI where...

7.3CVSS0.0026EPSS
Exploits1References5
osv
osv
added 2026/02/25 2:36 a.m.7 views

CVE-2026-27621 TypiCMS Core has Stored Cross-Site Scripting (XSS) via SVG File Upload

TypiCMS is a multilingual content management system based on the Laravel framework. A Stored Cross-Site Scripting XSS vulnerability exists in the file upload module of TypiCMS prior to version 16.1.7. The application allows users with file upload permissions to upload SVG files. While there is a...

6.8CVSS5.7AI score0.00188EPSS
Exploits2References4
cve
cve
added 2026/02/25 12:31 a.m.16 views

CVE-2025-67491

OpenEMR vulnerability CVE-2025-67491 affects versions 5.0.0.5–7.0.3.4, with a stored cross-site scripting flaw in the ub04 billing helper. The issue arises when $data is placed in a single-quoted click event handler without proper sanitization, allowing a malicious user to inject JS payloads desp...

8.5CVSS5.2AI score0.00246EPSS
Exploits1References3Affected Software1
nvd
nvd
added 2026/02/23 11:16 a.m.9 views

CVE-2025-40701

Reflected Cross-Site Scripting vulnerability in SOTESHOP, version 8.3.4. THis vulnerability allows an attacker execute JavaScript code in the victim's browser when a malicious URL with the 'id' parameter in '/adsTracker/checkAds' is sent to the victim. The vulnerability can be exploited to steal...

5.1CVSS0.00426EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/02/23 10:31 a.m.7 views

CVE-2025-40986 Reflected Cross-Site Scripting in PideTuCita

Reflected Cross-Site Scripting XSS vulnerability in PideTuCita. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the endpoint 'cookies/indes.php/'. This vulnerability can be exploited to steal confidential user data,...

5.1CVSS5.8AI score0.00419EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/02/21 7:29 p.m.9 views

CVE-2026-27503

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...

6.1CVSS5.3AI score0.00155EPSS
Exploits0References1
nvd
nvd
added 2026/02/20 5:25 p.m.7 views

CVE-2026-27503

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...

6.1CVSS0.00155EPSS
Exploits0References2
cvelist
cvelist
added 2026/02/20 4:48 p.m.30 views

CVE-2026-27503 SVXportal <= 2.5 admin/log.php Search Reflected XSS

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...

6.1CVSS0.00155EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/02/20 12:0 a.m.9 views

PT-2026-21271

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in log.php via the search query parameter. The application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing an unauthenticated remote attacker to inject and execute...

5.1CVSS5.6AI score0.00201EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/02/20 12:0 a.m.13 views

PT-2026-21272

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...

5.1CVSS5.3AI score0.00155EPSS
Exploits0References3
osv
osv
added 2026/02/19 1:16 p.m.5 views

CVE-2019-25418

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the FWADDRESSES parameter. Attackers can send POST requests to the /korugan/fwgroups endpoint with script payloads to execute arbitra...

5.1CVSS5.9AI score0.00344EPSS
Exploits1References4
attackerkb
attackerkb
added 2026/02/19 12:2 p.m.6 views

CVE-2019-25424

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the EXCEPTIONSITELIST parameter. Attackers can craft POST requests to the httpsexceptions endpoint with script payloads to execut...

6.1CVSS5.6AI score0.0033EPSS
Exploits1References4Affected Software1
attackerkb
attackerkb
added 2026/02/19 12:2 p.m.12 views

CVE-2019-25418

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the FWADDRESSES parameter. Attackers can send POST requests to the /korugan/fwgroups endpoint with script payloads to execute arbitra...

6.1CVSS5.6AI score0.00344EPSS
Exploits1References4Affected Software1
ptsecurity
ptsecurity
added 2026/02/19 12:0 a.m.10 views

PT-2026-20827

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the EXCEPTIONSITELIST parameter. Attackers can craft POST requests to the https exceptions endpoint with script payloads to execu...

6.1CVSS5.6AI score0.0033EPSS
Exploits1References4
redhatcve
redhatcve
added 2026/02/18 7:30 p.m.6 views

CVE-2026-23861

Dell Unisphere for PowerMax vApp, versions 9.2.4.x, contains an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML o...

5.4CVSS5.9AI score0.00159EPSS
Exploits0References1
Rows per page
Query Builder