9 matches found
EUVD-2018-6860
Malware in sbrugna...
EUVD-2023-35984
Malicious code in bioql PyPI...
CVE-2010-1482
Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_format_string parameter...
Linux Distros Unpatched Vulnerability : CVE-2024-21501
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowi...
LiteSpeed Cache < 5.7.0.1 - Unauthenticated Stored XSS
Description: The plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nameservers' and 'msg' parameters due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user...
Ninja Forms < 3.6.34 - Admin+ Stored XSS
Description: The plugin does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts/comments etc however the...
WPFront Notification Bar < 2.1.0.08087 - Authenticated Stored XSS
The plugin does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. To execute the XSS on all frontend pages and plugin's setting page, add the following payload in the...
Catfish Blog V3.9.0 File Upload Vulnerability in Backend
Catfish Blog is an open source free PHP blog. A file upload vulnerability exists in the backend of Catfish Blog V3.9.0, which can be exploited by an attacker to gain control of the server...
Command execution vulnerability in the messagingagent module of Xiaoxi MINI smart speaker
Xiao Ai MINI Smart Speaker is an AI-based speaker that can be connected to the Internet. A command execution vulnerability exists in the messagingagent module of the Xiao-ai MINI smart speaker, which can be exploited by an attacker to remotely execute arbitrary commands to the device from the...