8 matches found

Cvelist
added 4 days ago, 26 views

CVE-2026-9061 Agile Store Locator < 1.6.9 - Admin+ Stored XSS via logo_name

The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the plugin's admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks...

0.00154 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/06/05 7:26 p.m., 4 views

CVE-2026-40567

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization a...

5.8 CVSS, 5.6 AI score, 0.00242 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/06/03 12:00 a.m., 8 views

PT-2026-46117

Node names (long name, short name) received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping. Any participant on a public Meshtastic MQTT broker can set a malicious node name that executes JavaScript in the browser of every Malla dashboard visitor...

6.3 CVSS, 6.1 AI score, 0.00174 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2026/04/19 12:00 a.m., 1 view

PT-2026-33640

Name of the Vulnerable Software and Affected Versions: mailcow: dockerized, versions prior to 2026-03b. Description: A second-order SQL injection exists in the Mailcow API. The endpoint '/api/v1/add/mailbox' stores the quarantine category variable without proper validation or sanitization. This value...

7.2 CVSS, 6 AI score, 0.09874 EPSS
Exploits: 0, References: 8
Positive Technologies
added 2026/04/07 12:00 a.m., 2 views

PT-2026-31019

Cronicle is a multi-server task scheduler and runner with a web-based front-end UI. Prior to 0.9.111, a non-admin user with create-events and run-events privileges can inject arbitrary JavaScript through the job output fields html.content, html.title, table.header, table.rows and table.caption. The...

5.3 CVSS, 6 AI score, 0.00171 EPSS
Exploits: 1, References: 4
ATTACKERKB
added 2026/04/02 2:43 p.m., 1 view

CVE-2026-32629

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an email address whose quoted local part is syntactically valid per RFC 5321 yet contains raw HTML — for example ""@evil.com. PHP's FILTER_VALIDATE_EMAIL accepts this email...

6.4 CVSS, 5.8 AI score, 0.00262 EPSS
Exploits: 1, References: 3, Affected Software: 1
CVE
added 2026/03/19 8:55 p.m., 12 views

CVE-2026-32622

SQLBot (versions ≤ 1.5.x) exposes a Stored Prompt Injection vulnerability consisting of three chained flaws: (1) missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology, (2) unsanitized storage of terminology descriptions containing dangero...

8.8 CVSS, 6 AI score, 0.00562 EPSS
Exploits: 1, References: 2, Affected Software: 1
exploitpack
added 2011/02/07 12:00 a.m., 11 views

jakcms 2.0 pro rc5 - Persistent Cross-Site Scripting via useragent http header Injection

Exploit Title: JAKCMS 2.0 PRO RC5 stored XSS via useragent HTTP header Injection
Date: 7-2-2011
Author: Saif El-Sherei
Software Link: http://php.opensourcecms.com/scripts/redirect/download.php?id=480
Version:...

0.1 AI score
Exploits: 0