81 matches found

Positive Technologies
added 2026/06/16 12:0 a.m., 10 views

PT-2026-49900

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 12.2.1.4.0 Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of the Oracle WebCenter Content product within Oracle Fusion Middleware. An unauthenticated...

CVSS 9.8 · AI score 5.9 · EPSS 0.00473
Exploits: 0 · References: 5
Positive Technologies
added 2026/06/16 12:0 a.m., 16 views

PT-2026-49922

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of Oracle WebCenter Content within Oracle Fusion Middleware. An unauthenticated attacker with network access via HTTP can compromise the...

CVSS 9.6 · AI score 5.8 · EPSS 0.00416
Exploits: 0 · References: 5
RedhatCVE
added 2026/06/05 7:28 p.m., 7 views

CVE-2026-4336

The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling html_entity_decode on post_content during rendering in the setdisplayvariables function View.FAQ.class.php, line...

CVSS 6.4 · AI score 5.7 · EPSS 0.00227
Exploits: 0 · References: 1
vulnersOsv
added 2026/05/27 12:37 a.m., 4 views

3id-test-helper (>=1.0.0 <=1.0.4), 3nit-utils (>=0.24.0 <=1.0.2) +728 more potentially affected by CVE-2026-44974 via @hapi/content (>=4.1.1 <=5.0.2)

@hapi/content NPM version =4.1.1, =1.0.0, =0.24.0, =6.8.2, =1.4.0, =1.0.0, =0.9.0, =0.1.0, =1.0.1, =2.1.0, =2.5.0-next.11, =2.6.0, =2.7.26 and more Source cves: CVE-2026-44974 Source advisory: OSV:GHSA-36HH-X5P5-JGC8...

AI score 5.4 · EPSS 0.00052
Exploits: 0
The Hacker News
added 2026/05/25 12:2 p.m., 25 views

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in...

CVSS 9.4 · AI score 6.4 · EPSS 0.69996
Exploits: 6
Positive Technologies
added 2026/05/18 12:0 a.m., 11 views

PT-2026-41688

Summary: The custom html purify validation rule used to sanitize blog post bodies relies on by-reference mutation (?string &$str), but CodeIgniter 4's validator passes a local copy of the value, so the sanitized text is silently discarded. The Blog controller writes $lanData['content'] directly into...

CVSS 5.4 · AI score 5.7 · EPSS 0.00029
Exploits: 0 · References: 4
OSV
added 2026/05/06 11:3 p.m., 3 views

GHSA-W4RC-P66M-X6QQ Grav Form Plugin has an Anonymous Page Content Overwrite via Form File Upload filename Override

Summary: Tested on Form 9.0.3, released on April 28th. The Form plugin's file upload handler at user/plugins/form/classes/Form.php:583 accepts a POST-supplied filename parameter ($filename = $post['filename'] ?? $upload['file']['name']) that overrides the original uploaded filename. The override passes...

CVSS 8.7 · AI score 5.8 · EPSS 0.00622
Exploits: 0 · References: 4
CVE
added 2026/04/03 1:25 p.m., 12 views

CVE-2026-28736

Focalboard 8.0 is affected by an IDOR-like issue in the file content endpoint: it fails to validate ownership when serving uploaded files, enabling an authenticated user who knows a victim’s fileID to read that file’s content. The vulnerability stems from insufficient access checks for file retri...

CVSS 4.3 · AI score 5.9 · EPSS 0.00221
Exploits: 0 · References: 1 · Affected Software: 1
CISA KEV Catalog
added 2026/03/05 12:0 a.m., 11 views

Apple Multiple products Use-After-Free Vulnerability

Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption...

CVSS 8.8 · AI score 5.9 · EPSS 0.03817
In the wild · Exploits: 1
NVD
added 2026/02/23 10:16 p.m., 6 views

CVE-2026-27742

Bludit version 3.16.2 contains a stored cross-site scripting (XSS) vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforce equivalent sanitation on the server side. An authenticated user can inject arbitrary JavaScript...

CVSS 5.4 · EPSS 0.00139
Exploits: 1 · References: 2
Snyk
added 2026/02/18 3:5 p.m., 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in getContent in ActionReportResultHtmlProvider.java, which is accessible via the REST Management Interface. An attacker can cause an administrator to change the admin password by convincing them to follow a...

CVSS 9.3 · AI score 5.5 · EPSS 0.01002
Exploits: 1 · References: 2
RedhatCVE
added 2026/01/09 11:50 a.m., 7 views

CVE-2009-4137

The loadContentFromCookie function in core/Cookie.php in Piwik before 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote attackers to execute arbitrary code or upload arbitrary files via vectors related to the __destruct function in the...

CVSS 7.5 · AI score 8 · EPSS 0.16949
Exploits: 2 · References: 1
RedhatCVE
added 2026/01/09 9:17 a.m., 3 views

CVE-2025-23642

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pflonk Sidebar-Content from Shortcode (sidebar-content-from-shortcode) allows DOM-Based XSS. This issue affects Sidebar-Content from Shortcode: from n/a through <= 2.0...

CVSS 6.5 · AI score 7.2 · EPSS 0.00334
Exploits: 0 · References: 1
Debian CVE
added 2025/12/17 8:46 p.m., 3 views

CVE-2025-43541

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash...

CVSS 4.3 · AI score 6.2 · EPSS 0.32
Exploits: 0
RedhatCVE
added 2025/11/05 2:13 a.m., 4 views

CVE-2025-43440

A flaw was found in WebKitGTK. Processing malicious web content can cause JIT issues due to improper checks and result in an unexpected process crash. Mitigation: Do not process or load untrusted web content with WebKitGTK. In Red Hat Enterprise Linux 7, the following packages require WebKitGTK4:...

CVSS 8.8 · AI score 6.1 · EPSS 0.00442
Exploits: 0 · References: 4
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-18209

Malware in sbrugna...

CVSS 8.8 · AI score 6.3 · EPSS 0.01936
Exploits: 0 · References: 13
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2010-0149

Malware in sbrugna...

CVSS 9.3 · AI score 6.3 · EPSS 0.05039
Exploits: 0 · References: 10
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-17766

Malware in sbrugna...

CVSS 7.8 · AI score 6.7 · EPSS 0.01786
Exploits: 0 · References: 23
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-25090

Malware in sbrugna...

CVSS 8.8 · AI score 8.3 · EPSS 0.01281
Exploits: 0 · References: 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-24943

Malware in sbrugna...

CVSS 6.5 · AI score 7.8 · EPSS 0.00852
Exploits: 0 · References: 7