Lucene search
K

490 matches found

CVE
CVE
added 2026/03/11 12:23 a.m.15 views

CVE-2026-27225

CVE-2026-27225 concerns Adobe Experience Manager (AEM) versions 6.5.23 and earlier, with a stored XSS vulnerability in form fields. The underlying issue is inadequate input sanitization/output encoding, allowing a low-privileged attacker to inject malicious JavaScript that may run in a victim’s b...

5.4CVSS5.8AI score0.00167EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/11 12:23 a.m.40 views

CVE-2026-27256 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS0.00167EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/11 12:23 a.m.6 views

EUVD-2026-10963

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.8AI score0.00205EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 12:23 a.m.3 views

CVE-2026-27257

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.8AI score0.00167EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/11 12:23 a.m.6 views

EUVD-2026-11013

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.8AI score0.00167EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/11 12:23 a.m.2 views

CVE-2026-27224 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.8AI score0.00205EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/02/19 5:50 p.m.9 views

INTERPOL Operation Red Card 2.0 Arrests 651 in African Cybercrime Crackdown

An international cybercrime operation against online scams has led to 651 arrests and recovered more than $4.3 million as part of an effort led by law enforcement agencies from 16 African countries. The initiative, codenamed Operation Red Card 2.0, took place between December 8, 2025 and January...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/19 1:28 a.m.16 views

CVE-2025-14289

IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS5.5AI score0.00162EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.12 views

PT-2026-7227

Name of the Vulnerable Software and Affected Versions SAP affected versions not specified Description An unauthenticated attacker can create malicious links. Clicking these links by a victim redirects them to attacker-controlled sites, potentially exposing or altering sensitive information within...

6.1CVSS5.4AI score0.00165EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.5 views

PT-2026-5823

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment author' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers...

7.2CVSS5.7AI score0.00234EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/20 12:27 p.m.13 views

CVE-2026-1181

Altium 365 workspace endpoints were configured with an overly permissive Cross-Origin Resource Sharing CORS policy that allowed credentialed cross-origin requests from other Altium-controlled subdomains, including forum.live.altium.com. As a result, JavaScript executing on those origins could...

9CVSS5.5AI score0.00308EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.4 views

PT-2026-2119

Name of the Vulnerable Software and Affected Versions Bokeh versions 3.8.1 and below Description Bokeh is an interactive visualization library written in Python. If a server is configured with an allowlist, an attacker can register a domain and lure a victim to visit it. The malicious site can th...

7.4CVSS6.5AI score0.00159EPSS
Exploits1References17
OSV
OSV
added 2025/12/31 11:15 p.m.4 views

CVE-2025-67710

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS5.5AI score0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/31 10:13 p.m.3 views

CVE-2025-67703 Stored XSS vulnerability in ArcGIS Server.

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS6.3AI score0.00193EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/12/23 8:15 a.m.7 views

U.S. DoJ Seizes Fraud Domain Behind $14.6 Million Bank Account Takeover Scheme

The U.S. Justice Department DoJ on Monday announced the seizure of a web domain and database that it said was used to further a criminal scheme designed to target and defraud Americans by means of a bank account takeover scheme. The domain in question, web3adspanels.org, was used as a backend web...

6.6AI score
Exploits0
Vulnrichment
Vulnrichment
added 2025/12/18 1:16 p.m.3 views

CVE-2025-40892 Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a...

8.9CVSS4.9AI score0.0021EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 7:1 p.m.12 views

CVE-2025-64875

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.4AI score0.00173EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 7:1 p.m.11 views

CVE-2025-64541

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.5AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 7:0 p.m.4 views

CVE-2025-64791

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.5AI score0.00214EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/10 9:31 p.m.7 views

EUVD-2025-202546

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5AI score0.00214EPSS
Exploits0References2
Rows per page
Query Builder