Lucene search
+L

246 matches found

nvd
nvd
added last week6 views

CVE-2026-55481

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, default.blade.php renders headercolor and related branding color settings inside a CSS style block with HTML escaping that is insufficient for the CSS context, allowing a superadmin to inject arbitrary CSS that affects authenticat...

6.2CVSS0.00236EPSS
Exploits0References4
cvelist
cvelist
added 2026/07/09 8:43 p.m.32 views

CVE-2026-60120 Bagisto < 2.4.4 Stored XSS via CSTI in create.blade.php

Bagisto before 2.4.4 contains a stored cross-site scripting vulnerability via client-side template injection that allows unauthenticated attackers to execute arbitrary JavaScript in administrator browsers by registering a customer account with malicious payload in the first or last name field. Th...

5.4CVSS0.00201EPSS
Exploits0References3
cve
cve
added 2026/07/09 8:43 p.m.10 views

CVE-2026-60120

Bagisto CVE-2026-60120 affects Bagisto before 2.4.4. It is a stored XSS via client-side template injection: an unauthenticated attacker registers a customer with malicious payload in the first or last name, causing the Create Order page to render in administrator browsers and execute arbitrary Ja...

5.4CVSS6.1AI score0.00201EPSS
Exploits0References3
githubexploit
githubexploit
added 2026/06/12 2:49 p.m.90 views

Exploit for CVE-2022-38694

ZTE Blade X1001 — Root con Magisk Android 15, Unisoc UMS9230...

7.8CVSS5.2AI score0.00565EPSS
Exploits2
redhatcve
redhatcve
added 2026/06/05 7:29 p.m.13 views

CVE-2026-37503

Cross-Site Scripting XSS in V2Board thru 1.7.4. The customhtml field in theme configuration is rendered using Blade unescaped output in public/theme/v2board/dashboard.blade.php. An admin can inject arbitrary JavaScript via the saveThemeConfig API. All site visitors execute the payload, enabling...

6.9CVSS5.5AI score0.00191EPSS
Exploits1References1
cvelist
cvelist
added 2026/05/26 12:57 p.m.45 views

CVE-2026-48134 SQL injection issue in UserCheck Portal when DLP Software Blade is active

When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to...

5.6CVSS0.04356EPSS
Exploits0References1
euvd
euvd
added 2026/05/19 9:9 p.m.12 views

EUVD-2026-30987

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting XSS vulnerability in the ticket reply notification system. Unsanitized reply content $newmessage is stored directly in database notification payloads and later rendered...

8.7CVSS6AI score0.00349EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/19 12:0 a.m.9 views

CtrlPanel.gg 跨站脚本漏洞

CtrlPanel.gg is an open-source hosting service billing management tool developed by CtrlPanel.gg. Versions of CtrlPanel.gg 1.1.1 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the content of responses in the ticket reply system was not...

8.7CVSS5.6AI score0.00349EPSS
Exploits0References1
nvd
nvd
added 2026/05/08 3:16 p.m.15 views

CVE-2026-41576

Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible no authentication required. User-supplied message text is passed through PHP's nl2br function, which converts newlines to tags but does not escape HTML. The resulting string is then passed to a Blade...

7.1CVSS0.00271EPSS
Exploits0References2
nvd
nvd
added 2026/05/08 3:16 p.m.14 views

CVE-2026-41524

Brave CMS is an open-source CMS. Prior to commit 6c56603, page and article body content entered through the CKEditor rich-text editor is stored verbatim in the database and subsequently rendered with Laravel Blade's unescaped output directive !! !!. Any JavaScript or HTML injected by an editor-ro...

8.7CVSS0.00207EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/08 2:50 p.m.11 views

CVE-2026-41576 Ajax30/BraveCMS-2.0: Stored HTML Injection in Contact Email via nl2br() and Unescaped Blade Template

Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible no authentication required. User-supplied message text is passed through PHP's nl2br function, which converts newlines to tags but does not escape HTML. The resulting string is then passed to a Blade...

7.1CVSS5.9AI score0.00271EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/08 2:50 p.m.38 views

CVE-2026-41576 Ajax30/BraveCMS-2.0: Stored HTML Injection in Contact Email via nl2br() and Unescaped Blade Template

Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible no authentication required. User-supplied message text is passed through PHP's nl2br function, which converts newlines to tags but does not escape HTML. The resulting string is then passed to a Blade...

7.1CVSS0.00271EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/08 12:0 a.m.15 views

PT-2026-39140

Name of the Vulnerable Software and Affected Versions Brave CMS versions prior to commit 6c56603 Description The contact form is publicly accessible without authentication. User-supplied message text is processed by the nl2br function, which converts newlines to tags but fails to escape HTML. Thi...

7.1CVSS5.9AI score0.00271EPSS
Exploits0References5
osv
osv
added 2026/05/01 12:0 a.m.3 views

CVE-2026-37503

Cross-Site Scripting XSS in V2Board thru 1.7.4. The customhtml field in theme configuration is rendered using Blade unescaped output in public/theme/v2board/dashboard.blade.php. An admin can inject arbitrary JavaScript via the saveThemeConfig API. All site visitors execute the payload, enabling...

6.9CVSS5.9AI score0.00191EPSS
Exploits1References4
cvelist
cvelist
added 2026/05/01 12:0 a.m.36 views

CVE-2026-37503

Cross-Site Scripting XSS in V2Board thru 1.7.4. The customhtml field in theme configuration is rendered using Blade unescaped output in public/theme/v2board/dashboard.blade.php. An admin can inject arbitrary JavaScript via the saveThemeConfig API. All site visitors execute the payload, enabling...

6.9CVSS0.00191EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/05/01 12:0 a.m.14 views

PT-2026-36484

Name of the Vulnerable Software and Affected Versions V2Board versions prior to 1.7.5 Description Cross-Site Scripting XSS occurs when the custom html field in the theme configuration is rendered using unescaped Blade output in the 'public/theme/v2board/dashboard.blade.php' file. An administrator...

6.9CVSS6AI score0.00191EPSS
Exploits1References5
cve
cve
added 2026/04/30 10:45 p.m.14 views

CVE-2026-7508

Bootstrap CMS 0.9.0-alpha is affected by a code-injection vulnerability in the Page Creation Handler, specifically via the file resources/views/pages/show.blade.php where manipulating the body argument triggers injection. Remote exploitation is possible and an exploit has been published. The proj...

6.5CVSS6.3AI score0.00233EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/04/30 10:45 p.m.5 views

CVE-2026-7508 Bootstrap CMS Page Creation show.blade.php code injection

A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulation of the argument body results in code injection. Remote exploitation of the attack is possible...

6.5CVSS6.3AI score0.00233EPSS
Exploits0References4
snyk
snyk
added 2026/04/30 6:23 p.m.10 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /ureport/datasource/testConnection endpoint. An authenticated user can access internal network resources by sending a malicious GET request. Remediation There is no fixed version for...

5.3CVSS5.8AI score0.00172EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/04/30 12:0 a.m.11 views

SpringBlade 跨站脚本漏洞

SpringBlade is a microservices development platform developed by Blade China. Version 4.8.0 of SpringBlade contains a cross-site scripting vulnerability. This vulnerability stems from the /api/blade-desk/notice/submit endpoint, where a stored cross-site script exists. This could allow attackers t...

6.1CVSS5.9AI score0.00187EPSS
Exploits0References1
Rows per page
Query Builder