14 matches found

ATTACKERKB
added 2026/04/14 3:5 a.m. | 1 view

CVE-2026-40289

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge (praisonai browser start) is vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on its /ws WebSocket...

CVSS 9.1 | AI score 5.8 | EPSS 0.00356
Exploits: 1 | References: 2 | Affected Software: 2
The Hacker News
added 2025/12/09 8:7 a.m. | 12 views

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS Code) Marketplace that are designed to infect developer machines with stealer malware. The VS Code extensions masquerade as a premium dark theme and an artificial intelligence (AI)-powered coding assistan...

AI score 6.9
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-17276

Malicious code in bioql PyPI...

CVSS 7.4 | AI score 7.5 | EPSS 0.00436
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-46846

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.6 | EPSS 0.00254
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2024-17064

Malicious code in bioql PyPI...

CVSS 6.3 | AI score 6.6 | EPSS 0.00669
Exploits: 0 | References: 1
NVD
added 2024/06/06 11:15 a.m. | 18 views

CVE-2024-5673

Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. This vulnerability consists of an XSS through the fmcurrentdir parameter of index.php. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session...

CVSS 6.1 | AI score 5.9 | EPSS 0.00254
Exploits: 0 | References: 1
Vulnrichment
added 2024/06/06 10:19 a.m. | 13 views

CVE-2024-5673 Cross-Site Scripting in PHP File Manager by Dulldusk

Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. This vulnerability consists of an XSS through the fmcurrentdir parameter of index.php. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session...

CVSS 6.1 | AI score 5.9 | EPSS 0.00254
Exploits: 0 | References: 1
Vulnrichment
added 2024/05/13 11:27 a.m. | 16 views

CVE-2024-4823 Cross-site Scripting in School ERP Pro+Responsive by AROX SOLUTION

Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index '/schoolerp/officeadmin/' in the parameters esbankacc, esbankname, esbankpin, escheckno, estellernumber, dc1 and dc2. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially...

CVSS 6.5 | AI score 5.6 | EPSS 0.00471
Exploits: 0 | References: 1
NVD
added 2024/03/12 4:15 p.m. | 17 views

CVE-2024-1304

Cross-site scripting vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session...

CVSS 6.3 | AI score 6 | EPSS 0.00669
Exploits: 0 | References: 1
Prion
added 2024/03/12 4:15 p.m. | 18 views

Cross site scripting

CMS Made Simple version 2.2.14 does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/moduleinterface.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to ...

CVSS 4.3 | AI score 5.9 | EPSS 0.00436
Exploits: 0 | References: 1
Prion
added 2024/03/12 4:15 p.m. | 19 views

Cross site scripting

Cross-site scripting vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session...

CVSS 6.8 | AI score 6.5 | EPSS 0.00669
Exploits: 0 | References: 1
Cvelist
added 2024/03/12 3:31 p.m. | 24 views

CVE-2024-1304 Multiple Vulnerabilities in Badger Meter's Monitool

Cross-site scripting vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session...

CVSS 6.3 | AI score 6.2 | EPSS 0.00669
Exploits: 0 | References: 1
Vulnrichment
added 2024/03/12 3:22 p.m. | 30 views

CVE-2024-1528 Cross-site Scripting in CMS Made Simple

CMS Made Simple version 2.2.14 does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/moduleinterface.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to ...

CVSS 7.4 | AI score 5.7 | EPSS 0.00436
Exploits: 0 | References: 1
Prion
added 2019/04/24 4:29 p.m. | 24 views

Session fixation

Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user’s browser session...

CVSS 5.5 | AI score 4.3 | EPSS 0.01024
Exploits: 0 | References: 4 | Affected Software: 1