58 matches found

OSSF Malicious Packages
added 2026/04/15 9:00 a.m., 3 views

Malicious code in @athena-ui-components/dashboard-widget (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dde903dbeed027bf706e148f4e85f93dd117d93441dddea76703a801a81a5b2d The package @athena-ui-components/dashboard-widget was found to contain malicious code. Source: ossf-package-analysis...

5.7 AI score
Exploits: 0
OSV
added 2026/04/15 9:00 a.m., 2 views

MAL-2026-2681 Malicious code in @athena-ui-components/dashboard-widget (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dde903dbeed027bf706e148f4e85f93dd117d93441dddea76703a801a81a5b2d The package @athena-ui-components/dashboard-widget was found to contain malicious code. Source: ossf-package-analysis...

5.7 AI score
Exploits: 0
RedhatCVE
added 2026/02/20 1:22 a.m., 1 view

CVE-2026-27178

MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability through method parameter injection into the shoutbox. The /objects/?method= endpoint allows unauthenticated execution of stored methods with attacker-controlled parameters. Default methods such as...

7.2 CVSS, 5.5 AI score, 0.00044 EPSS
Exploits: 1, References: 1
Cvelist
added 2026/02/18 9:10 p.m., 20 views

CVE-2026-27178 MajorDoMo Stored Cross-Site Scripting via Method Parameters to Shoutbox

MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability through method parameter injection into the shoutbox. The /objects/?method= endpoint allows unauthenticated execution of stored methods with attacker-controlled parameters. Default methods such as...

7.2 CVSS, 0.00044 EPSS
Exploits: 1, References: 3
OSV
added 2026/02/03 6:05 p.m., 3 views

CVE-2026-25482 Craft Commerce has Stored DOM XSS in Order Status Name (Reflects in "Recent Orders" Dashboard Widget)

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored DOM XSS vulnerability exists in the "Recent Orders" dashboard widget. The Order Status Name is rendered via JavaScript string concatenation without proper escaping, allowi...

6.2 CVSS, 5.5 AI score, 0.00024 EPSS
Exploits: 1, References: 6
Snyk
added 2026/02/02 10:41 p.m., 1 view

Cross-site Scripting (XSS)

Overview: craftcms/commerce is a Craft Commerce. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the value.name field in the dashboard widget. An attacker can execute arbitrary JavaScript in the context of an admin user's browser by injecting malicious scripts into...

6.2 CVSS, 5.5 AI score, 0.00024 EPSS
Exploits: 1, References: 2
Positive Technologies
added 2026/02/02 12:00 a.m., 2 views

PT-2026-6293

Name of the Vulnerable Software and Affected Versions: Craft Commerce versions 4.0.0-RC1 through 4.10.0; Craft Commerce versions 5.0.0 through 5.5.1. Description: A stored DOM Cross-Site Scripting (XSS) issue exists within the "Recent Orders" dashboard widget. The Order Status Name is rendered using...

6.2 CVSS, 5.6 AI score, 0.00024 EPSS
Exploits: 1, References: 9
OSV
added 2025/12/18 8:15 p.m., 0 views

CVE-2024-58319

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Pages dashboard widget configuration dialog. Attackers can exploit this vulnerability to execute malicious scripts in administrative users' browsers...

6.1 CVSS, 5.8 AI score
Exploits: 0, References: 2
CVE
added 2025/12/18 7:53 p.m., 6 views

CVE-2024-58319

A concrete XSS vulnerability affects Kentico Xperience, specifically a reflected cross-site scripting flaw in the Pages dashboard widget configuration dialog. The issue is triggered via the Pages widget settings, enabling an attacker to inject and execute malicious scripts in an administrator’s b...

6.1 CVSS, 6 AI score, 0.00024 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2025/12/18 7:53 p.m., 19 views

CVE-2024-58319 Kentico Xperience <= 13.0.160 Pages Dashboard Widget Reflected XSS

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Pages dashboard widget configuration dialog. Attackers can exploit this vulnerability to execute malicious scripts in administrative users' browsers...

6.1 CVSS, 0.00024 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/12/18 7:53 p.m., 0 views

CVE-2024-58319 Kentico Xperience <= 13.0.160 Pages Dashboard Widget Reflected XSS

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Pages dashboard widget configuration dialog. Attackers can exploit this vulnerability to execute malicious scripts in administrative users' browsers...

6.1 CVSS, 6 AI score, 0.00024 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2025/12/18 12:00 a.m., 2 views

PT-2025-52326

Name of the Vulnerable Software and Affected Versions: Kentico Xperience (affected versions not specified). Description: A reflected cross-site scripting issue exists in Kentico Xperience. This allows attackers to inject malicious scripts through the Pages dashboard widget configuration dialog...

6.1 CVSS, 5.9 AI score, 0.00024 EPSS
Exploits: 0, References: 4
NVD
added 2025/11/04 5:16 a.m., 4 views

CVE-2025-12410

The SH Contextual Help plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation in the shcontextualhelpdashboardwidget function. This makes it possible for unauthenticated attackers to update...

6.1 CVSS, 0.00015 EPSS
Exploits: 0, References: 4
Cvelist
added 2025/11/04 4:27 a.m., 10 views

CVE-2025-12410 SH Contextual Help <= 3.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The SH Contextual Help plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation in the shcontextualhelpdashboardwidget function. This makes it possible for unauthenticated attackers to update...

6.1 CVSS, 0.00015 EPSS
Exploits: 0, References: 4
CNNVD
added 2025/11/04 12:00 a.m., 1 view

WordPress plugin SH Contextual Help cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...

6.1 CVSS, 6.4 AI score, 0.00015 EPSS
Exploits: 0, References: 4
CNNVD
added 2025/10/30 12:00 a.m., 1 view

Nagios XI security vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2012R1.6, which stems from insufficient...

6.1 CVSS, 6 AI score, 0.00505 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2012-2569

Malware in sbrugna...

4.3 CVSS, 6.4 AI score, 0.00959 EPSS
Exploits: 1, References: 5
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2024-52922

Malicious code in bioql PyPI...

7.1 CVSS, 8.7 AI score, 0.00144 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2024-45657

Malicious code in bioql PyPI...

6.5 CVSS, 8.6 AI score, 0.00197 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2025-28503

Malicious code in bioql PyPI...

4.3 CVSS, 6.5 AI score, 0.00168 EPSS
Exploits: 0, References: 1