Lucene search

10269 matches found

Positive Technologies
added 2026/01/13 12:0 a.m. | 8 views

PT-2026-2474

By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced s...

CVSS 5.3 | AI score 6.9 | EPSS 0.00287
Exploits: 0 | References: 7

Tenable Nessus
added 2026/01/13 12:0 a.m. | 5 views

MiracleLinux 8 : thunderbird-128.7.0-1.el8_10.ML.1 (AXSA:2025-9663:03)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9663:03 advisory. firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 (CVE-2025-1017) firefox:...

CVSS 9.8 | AI score 7.2 | EPSS 0.01276
Exploits: 0 | References: 11

Positive Technologies
added 2026/01/13 12:0 a.m. | 6 views

PT-2026-2413

Name of the Vulnerable Software and Affected Versions: Ametys CMS version 4.4.1. Description: Ametys CMS version 4.4.1 has a persistent cross-site scripting issue in the link directory’s input fields for external links. An attacker can inject malicious script code into the link text and descriptions...

CVSS 6.1 | AI score 6.7 | EPSS 0.00262
Exploits: 1 | References: 8

RedhatCVE
added 2026/01/09 12:38 p.m. | 9 views

CVE-2023-29839

A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function...

CVSS 5.4 | AI score 5.9 | EPSS 0.00663
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 12:30 p.m. | 6 views

CVE-2023-40068

Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative...

CVSS 5.4 | AI score 6.7 | EPSS 0.0148
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:30 p.m. | 6 views

CVE-2023-40851

Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to run arbitrary code via fname, lname, email, and contact fields of the user registration page...

CVSS 5.4 | AI score 6.2 | EPSS 0.00371
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 12:27 p.m. | 9 views

CVE-2018-12304

Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Publisher Contact, or Website URL...

CVSS 6.1 | AI score 6.8 | EPSS 0.00826
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 12:22 p.m. | 4 views

CVE-2018-14877

An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page...

CVSS 5.4 | AI score 6.3 | EPSS 0.00506
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 11:37 a.m. | 5 views

CVE-2003-1031

Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation."...

CVSS 4.3 | AI score 6 | EPSS 0.01394
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 11:15 a.m. | 4 views

CVE-2021-0966

In code generated by BuildParcelFields of generate_cpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could lead to local information disclosure across Binder transactions with no additional execution...

CVSS 5.5 | AI score 5.7 | EPSS 0.00111
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:54 a.m. | 7 views

CVE-2022-23321

A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0...

CVSS 4.8 | AI score 5.8 | EPSS 0.0077
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:50 a.m. | 2 views

CVE-2022-37247

Craft CMS 4.2.0.1 is vulnerable to stored cross-site scripting (XSS) via the /admin/settings/fields page...

CVSS 5.4 | AI score 6 | EPSS 0.00446
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:43 a.m. | 4 views

CVE-2022-26205

Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability via the Display text fields. This vulnerability allows attackers to execute arbitrary code via injection of a crafted payload...

CVSS 9.8 | AI score 9.1 | EPSS 0.01893
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:33 a.m. | 8 views

CVE-2017-18601

The examapp plugin 1.0 for WordPress has XSS via exam input text fields...

CVSS 5.4 | AI score 6 | EPSS 0.00658
Exploits: 2 | References: 1

RedhatCVE
added 2026/01/09 10:32 a.m. | 5 views

CVE-2017-18610

The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-group-id parameter...

CVSS 6.1 | AI score 6 | EPSS 0.01159
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:32 a.m. | 9 views

CVE-2017-18609

The magic-fields plugin before 1.7.2 for WordPress has XSS via the custom-write-panel-id parameter...

CVSS 6.1 | AI score 6 | EPSS 0.01159
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:19 a.m. | 8 views

CVE-2019-18347

A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in those fields to be executed by another (possibly privileged) user. Affected database fields include...

CVSS 5.4 | AI score 5.7 | EPSS 0.01134
Exploits: 4 | References: 1

RedhatCVE
added 2026/01/09 10:16 a.m. | 7 views

CVE-2019-2104

In HIDL, safe_union, and other C++ structs/unions being sent to application processes, there are uninitialized fields. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

CVSS 5.5 | AI score 6.4 | EPSS 0.0016
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:8 a.m. | 11 views

CVE-2019-20429

In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic via a modified lm_bufcount field due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2...

CVSS 7.8 | AI score 6.8 | EPSS 0.01896
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:0 a.m. | 7 views

CVE-2020-7934

In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload wi...

CVSS 5.4 | AI score 5.7 | EPSS 0.04457
Exploits: 3 | References: 1