Lucene search
+L

648102 matches found

NVD
NVD
added 45 minutes ago3 views

CVE-2026-9585

An unauthenticated reflected cross-site scripting XSS vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 104997. The application fails to properly sanitize the portal parameter supplied to the invalidbrowser and invalidbrowserlogin handlers. User-supplied data is reflected into...

8.6CVSS
Exploits0References2
NVD
NVD
added 45 minutes ago3 views

CVE-2026-49210

Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 until 2.36.0 and 3.1.0, Symfony\UX\LiveComponent\Util\ChildComponentPartialRenderer::createHtml interpolates the client-controlled childrenid.tag value from LiveComponentSubscriber and InterceptChildComponentRenderSubscriber directly in...

2.3CVSS
Exploits0References4
The Hacker News
The Hacker News
added 50 minutes ago3 views

New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens

A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator's own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio: the image generators, local model runners, an...

5.7AI score
Exploits0
Github Security Blog
Github Security Blog
added 54 minutes ago3 views

vLLM has Remote DoS via Invalid Recovered Token Reinjection

Summary A frontend-legal multi-request speculative workload can make vLLM produce an out-of-vocabulary recovered token equal to vocabsize, convert that value to -1 when choosing the next live token for a request, and then feed that -1 back into the next drafter input ids. On Qwen3 GPTQ this reach...

7.5CVSS5.5AI score0.00343EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 1 hour ago6 views

CVE-2026-49210 Symfony UX: XSS in symfony/ux-live-component via attacker-controlled child component tag

Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 until 2.36.0 and 3.1.0, Symfony\UX\LiveComponent\Util\ChildComponentPartialRenderer::createHtml interpolates the client-controlled childrenid.tag value from LiveComponentSubscriber and InterceptChildComponentRenderSubscriber directly in...

2.3CVSS
Exploits0References4
CVE
CVE
added 1 hour ago19 views

CVE-2026-49210

Summary: CVE-2026-49210 affects Symfony UX LiveComponent’s ChildComponentPartialRenderer::createHtml(), where client-controlled children[id].tag is interpolated into HTML as a tag name without validation/escaping, enabling an attacker to inject arbitrary HTML (including [removed] tags) during a L...

2.3CVSS5.4AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 1 hour ago4 views

CVE-2026-49210 Symfony UX: XSS in symfony/ux-live-component via attacker-controlled child component tag

Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 until 2.36.0 and 3.1.0, Symfony\UX\LiveComponent\Util\ChildComponentPartialRenderer::createHtml interpolates the client-controlled childrenid.tag value from LiveComponentSubscriber and InterceptChildComponentRenderSubscriber directly in...

2.3CVSS5.4AI score
Exploits0References4
Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-9585 Unauthenticated Reflected Cross-Site Scripting (XSS) in Switchvox SMB Web Portal

An unauthenticated reflected cross-site scripting XSS vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 104997. The application fails to properly sanitize the portal parameter supplied to the invalidbrowser and invalidbrowserlogin handlers. User-supplied data is reflected into...

8.6CVSS
Exploits0References2
CVE
CVE
added 2 hours ago5 views

CVE-2026-9585

CVE-2026-9585 affects Sangoma Switchvox SMB Edition 8.3 (104997). The vulnerability is an unauthenticated reflected XSS in the portal parameter sent to invalid_browser and invalid_browser_login handlers, where user-supplied data is reflected into JavaScript, enabling attacker-controlled script ex...

8.6CVSS5.3AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2 hours ago4 views

CVE-2026-9585 Unauthenticated Reflected Cross-Site Scripting (XSS) in Switchvox SMB Web Portal

An unauthenticated reflected cross-site scripting XSS vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 104997. The application fails to properly sanitize the portal parameter supplied to the invalidbrowser and invalidbrowserlogin handlers. User-supplied data is reflected into...

8.6CVSS5.3AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 hours ago3 views

CVE-2026-9585

An unauthenticated reflected cross-site scripting XSS vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 104997. The application fails to properly sanitize the portal parameter supplied to the invalidbrowser and invalidbrowserlogin handlers. User-supplied data is reflected into...

8.6CVSS5.3AI score
Exploits0References3
GithubExploit
GithubExploit
added 4 hours ago8 views

Exploit for Path Traversal in Gogs

CVE-2025-8110 — Gogs Arbitrary File Write PoC Proof-of-conc...

8.8CVSS8AI score0.7654EPSS
Exploits18
SUSE CVE
SUSE CVE
added 5 hours ago3 views

SUSE CVE-2026-47082

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The vacation "fcc" feature skips the destination-mailbox ACL. A user whose vacation Sieve script used :fcc to save a copy of the sent message could deliver vacation auto-reply copies into any mailbox the script could name,...

5.4CVSS5.3AI score
Exploits0References3
The Hacker News
The Hacker News
added 9 hours ago9 views

ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files

ACR Stealer, an infostealer in circulation since 2024, is walking out of enterprise networks with saved browser passwords, live session tokens, PDFs, Microsoft 365 documents, and files from synced OneDrive and SharePoint folders. It gets in because someone pasted a command into a Run box and...

6.4AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 9 hours ago3 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.13.0 Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision...

8.7CVSS6.3AI score0.00549EPSS
Exploits3Affected Software1
Vulnrichment
Vulnrichment
added 11 hours ago2 views

CVE-2026-9656 HubSpot All-In-One Marketing <= 11.3.62 - Authenticated (Contributor+) Sensitive Information Exposure via Block Editor Localized Script

The HubSpot All-In-One Marketing – Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.62 via the wplocalizescript / window.leadinConfig JavaScript object. This makes it possible for authenticated attackers, with...

4.3CVSS5.3AI score
Exploits0References6
Cvelist
Cvelist
added 11 hours ago12 views

CVE-2026-9656 HubSpot All-In-One Marketing <= 11.3.62 - Authenticated (Contributor+) Sensitive Information Exposure via Block Editor Localized Script

The HubSpot All-In-One Marketing – Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.62 via the wplocalizescript / window.leadinConfig JavaScript object. This makes it possible for authenticated attackers, with...

4.3CVSS
Exploits0References6
Nuclei
Nuclei
added 13 hours ago70 views

ClinicCases 7.3.3 Cross-Site Scripting

ClinicCases 7.3.3 is susceptible to multiple reflected cross-site scripting vulnerabilities that could allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft. id: CVE-2021-38704 info: name:...

6.1CVSS6AI score0.03521EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago86 views

phpMyAdmin < 5.1.2 - Cross-Site Scripting

An issue was discovered in phpMyAdmin 5.1 before 5.1.2 that could allow an attacker to inject malicious code into aspects of the setup script, which can allow cross-site or HTML injection. id: CVE-2022-23808 info: name: phpMyAdmin 5.1.2 - Cross-Site Scripting author: cckuailong,daffainfo severity...

6.1CVSS6AI score0.07936EPSS
Exploits2References5
Nuclei
Nuclei
added 13 hours ago48 views

Netsweeper 4.0.4 - Cross-Site Scripting

A cross-site scripting vulnerability in remotereporter/loadlogfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter. id: CVE-2014-9607 info: name: Netsweeper 4.0.4 - Cross-Site Scripting author: daffainfo severity: medium...

6.1CVSS6.1AI score0.05452EPSS
Exploits1References4
Rows per page
Query Builder