Lucene search
K

2788 matches found

Microsoft CVE
Microsoft CVE
added 2026/06/05 2:0 p.m.11 views

Chromium: CVE-2026-11043 Out of bounds write in ANGLE

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

9.6CVSS5.4AI score0.00301EPSS
Exploits0
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.8 views

school-management-system 跨站脚本漏洞

School-Management-System is a PHP-based school management system developed by Shubham Kumar, an individual developer. The school-management-system has a cross-site scripting vulnerability. This vulnerability stems from multiple attributes of student and teacher objects that contain stored...

5.1CVSS5.2AI score0.00291EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 8:31 a.m.11 views

CVE-2026-34907

Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting XSS due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and send it to a victim. When the victim opens the link, the...

5.1CVSS5.7AI score0.00285EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-45855

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.12.5 authentik versions prior to 2026.2.3 Description An issue exists in the Simple Flow Executor SFE, which is a component used to manage the sequence of steps in an authentication flow. Due to the...

9.3CVSS5.6AI score0.00355EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

SOPlanning 代码问题漏洞

SOPlanning is a set of online project management software developed by SOPlanning Company. Versions of SOPlanning 1.55 and earlier had code vulnerabilities. These vulnerabilities stemmed from an unvalidated validation of file extensions during upload. This allowed authenticated attackers to uploa...

6.4CVSS5.4AI score0.0031EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/01 12:0 a.m.13 views

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2026:2109-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2109-1 advisory. This update for MozillaFirefox fixes the following issues Update to Firefox Extended Support Release 140.11.0...

9.8CVSS6AI score0.00605EPSS
Exploits0References51
Microsoft CVE
Microsoft CVE
added 2026/05/31 2:0 p.m.16 views

Chromium: CVE-2026-9898 Insufficient validation of untrusted input in GPU

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.3CVSS5.8AI score0.00228EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/05/29 11:21 p.m.16 views

Chromium: CVE-2026-10022 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

7.5CVSS5.8AI score0.00151EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/05/29 11:20 p.m.19 views

Chromium: CVE-2026-9965 Out of bounds write in ANGLE

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS5.8AI score0.00243EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/05/29 11:19 p.m.17 views

Chromium: CVE-2026-9878 Use after free in ANGLE

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS5.8AI score0.00312EPSS
Exploits0
NVD
NVD
added 2026/05/29 6:17 p.m.16 views

CVE-2026-6824

A stored cross-site scripting XSS vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend. When administrators o...

8.4CVSS0.00373EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/29 4:41 p.m.19 views

CVE-2026-6824 CP Plus 8 Ch. Network Video Recorder Cross-site Scripting

A stored cross-site scripting XSS vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend. When administrators o...

8.4CVSS5.7AI score0.00373EPSS
Exploits0References3
Circl
Circl
added 2026/05/28 6:0 p.m.15 views

CVE-2026-9912

creationtimestamp| type| source ---|---|--- 2026-05-28 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260529 2026-05-28 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities20260529 2026-05-29...

6.5CVSS5.3AI score0.00247EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

Prometheus 跨站脚本漏洞

Prometheus is an open-source software developed in the Go language, used to create real-time metric databases built using the HTTP pull model. Versions of Prometheus from 2.49.0 to 3.5.3, as well as versions before 3.11.3, had a cross-site scripting vulnerability. This vulnerability stemmed from...

5.1CVSS5.7AI score0.00182EPSS
Exploits0References2
CVE
CVE
added 2026/05/22 5:21 p.m.31 views

CVE-2026-39964

TypeBot (viewer at packages/embeds/js) before version 3.16.0 renders rich-text bubble links without filtering javascript: URIs. A bot author can set a link to javascript:PAYLOAD, which executes in the visitor’s browser context when clicked, allowing the attacker’s code to run with the host page’s...

5.4CVSS5.8AI score0.00241EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/20 7:10 p.m.14 views

Embedded Malicious Code

Overview art-template is a simple and superfast templating engine that optimizes template rendering speed by scope pre-declared technique, hence achieving runtime performance which is close to the limits of JavaScript. At the same time, it supports both NodeJS and browser. Affected versions of th...

9.8CVSS7.6AI score0.10593EPSS
Exploits6References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

Open WebUI 跨站脚本漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI that is open source. Versions of Open WebUI prior to 0.9.0 had a cross-site scripting vulnerability. This vulnerability stemmed from the AccountPending.svelte component using marked.parse to render...

4.8CVSS5.7AI score0.0017EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/05/14 6:16 a.m.10 views

CVE-2026-7481

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScript in other users' browsers due to improper input...

8.7CVSS5.9AI score0.00256EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/14 5:34 a.m.10 views

CVE-2026-6073

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to execute arbitrary JavaScript in other users' browsers due to improper input sanitization...

8.7CVSS6.1AI score0.00188EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/14 5:33 a.m.10 views

CVE-2026-7377

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers d...

8.7CVSS6.1AI score0.00256EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder