
8493 matches found

OSV
added 2025/10/13 12:31 p.m. | 2 views

GHSA-GXP8-M5RQ-3M38 QGIS QWC2 Cross-Site Scripting vulnerability

Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...

6.9 CVSS | 6.5 AI score | 0.00401 EPSS
Exploits: 0 | References: 3

GitHub Security Blog
added 2025/10/13 12:31 p.m. | 7 views

QGIS QWC2 Cross-Site Scripting vulnerability

Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...

6.9 CVSS | 6.5 AI score | 0.00401 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2025/10/13 10:15 a.m. | 6 views

CVE-2025-11183

Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...

6.9 CVSS | 0.00401 EPSS
Exploits: 0 | References: 1

CVE
added 2025/10/13 9:17 a.m. | 14 views

CVE-2025-11183

CVE-2025-11183. QGIS QWC2’s attribute table is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user input, allowing an authorized attacker to inject and execute arbitrary JavaScript in the user’s browser. Affected version: QWC2

6.9 CVSS | 6.1 AI score | 0.00401 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/13 9:17 a.m. | 1 views

CVE-2025-11183 Cross-Site Scripting Vulnerability in QWC2

Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...

6.9 CVSS | 6.1 AI score | 0.00401 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/10/13 9:17 a.m. | 8 views

CVE-2025-11183 Cross-Site Scripting Vulnerability in QWC2

Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...

6.9 CVSS | 0.00401 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2025/10/13 12:0 a.m. | 4 views

PT-2025-41779

Name of the Vulnerable Software and Affected Versions: QGIS QWC2 versions prior to 2025.08.14. Description: A Cross-Site Scripting issue exists in the attribute table functionality. This allows an authorized attacker to inject arbitrary JavaScript code into the page. Recommendations: Update QGIS QWC2...

6.9 CVSS | 6.1 AI score | 0.00401 EPSS
Exploits: 0 | References: 4

CNNVD
added 2025/10/13 12:0 a.m. | 3 views

QGIS QWC2 Security Vulnerability

QGIS QWC2 is a web front-end client framework from the QGIS organization. A security vulnerability exists in QGIS QWC2 versions prior to 2025.08.14, which stems from a cross-site scripting vulnerability in the attribute table that could lead to an authorized attacker planting arbitrary JavaScript...

6.9 CVSS | 6 AI score | 0.00401 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/10/12 9:32 p.m. | 8 views

CVE-2025-11647 Tomofun Furbo 360/Furbo Mini GATT Service information disclosure

A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation of the argument DeviceToken causes information disclosure. The attack is only possible within the local network. A high degree of complexity is...

3.1 CVSS | 0.00516 EPSS
Exploits: 1 | References: 4

NVD
added 2025/10/12 9:15 p.m. | 3 views

CVE-2025-11646

A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The attack can only be performed from the local network. The exploit is now public and may be used. The...

8.1 CVSS | 0.00503 EPSS
Exploits: 1 | References: 4

OSV
added 2025/10/12 9:15 p.m. | 2 views

CVE-2025-11646

A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The attack can only be performed from the local network. The exploit is now public and may be used. The...

8.1 CVSS | 5.4 AI score | 0.00503 EPSS
Exploits: 1 | References: 4

EUVD
added 2025/10/12 9:2 p.m. | 4 views

EUVD-2025-33910

A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The attack can only be performed from the local network. The exploit is now public and may be used. The...

6.3 CVSS | 6.1 AI score | 0.00503 EPSS
Exploits: 1 | References: 5

CNNVD
added 2025/10/12 12:0 a.m. | 3 views

Tomofun Furbo 360 and Tomofun Furbo Mini Access Control Error Vulnerability

Tomofun Furbo 360 and Tomofun Furbo Mini are both smart pet cameras from Tomofun Corporation of Taiwan, China. An access control error vulnerability exists in Tomofun Furbo 360 FB0035FW036 and earlier versions and Tomofun Furbo Mini MC0020FW074 and earlier versions, which stems from improper acce...

8.1 CVSS | 6.3 AI score | 0.00503 EPSS
Exploits: 1 | References: 5

Positive Technologies
added 2025/10/12 12:0 a.m. | 5 views

PT-2025-41735

Name of the Vulnerable Software and Affected Versions: Tomofun Furbo 360 versions prior to FB0035 FW 036; Tomofun Furbo Mini versions prior to MC0020 FW 074. Description: A flaw exists in Tomofun Furbo 360 and Furbo Mini related to the processing of the GATT Service component. Manipulation of the...

3.1 CVSS | 3.5 AI score | 0.00516 EPSS
Exploits: 1 | References: 8

RedhatCVE
added 2025/10/11 10:31 a.m. | 5 views

CVE-2025-52632

A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION. This issue affects AION: 2.0...

6.5 CVSS | 7 AI score | 0.00137 EPSS
Exploits: 0 | References: 1

OSV
added 2025/10/10 10:15 a.m. | 3 views

CVE-2025-52632

A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION. This issue affects AION: 2.0...

7.5 CVSS | 5.8 AI score | 0.00137 EPSS
Exploits: 0 | References: 1

NVD
added 2025/10/10 10:15 a.m. | 9 views

CVE-2025-52632

A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION. This issue affects AION: 2.0...

7.5 CVSS | 0.00137 EPSS
Exploits: 0 | References: 1

CVE
added 2025/10/10 10:6 a.m. | 18 views

CVE-2025-52632

CVE-2025-52632 affects HCL AION 2.0 and is described as a Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability. The available connected sources confirm the affected product (HCL AION) and the issue arises in encrypted session cookies lacking the Secure attribute, which can exp...

7.5 CVSS | 6.6 AI score | 0.00137 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/10/10 10:6 a.m. | 2 views

CVE-2025-52632 HCL AION is susceptible to Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability

A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION. This issue affects AION: 2.0...

6.5 CVSS | 6.6 AI score | 0.00137 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/10/10 10:6 a.m. | 8 views

CVE-2025-52632 HCL AION is susceptible to Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability

A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION. This issue affects AION: 2.0...

6.5 CVSS | 0.00137 EPSS
Exploits: 0 | References: 1