70 matches found

Nuclei
added yesterday | 5 views

Vite dev server - Cross-Site Scripting

Vite's dev server, when used with appType: 'custom' and manually invoking server.transformIndexHtml using the unmodified request URL, is vulnerable to XSS via a crafted URL payload. If the HTML being served includes an inline module script ..., an attacker can inject a script via the URL,...

6.1 CVSS | 6.7 AI score | 0.00997 EPSS
Exploits 1 | References 2

RedhatCVE
added 2026/06/05 7:39 p.m. | 6 views

CVE-2026-7468

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has bee...

7.5 CVSS | 6.7 AI score | 0.00356 EPSS
Exploits 0 | References 1

Snyk
added 2026/05/29 2:7 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: @haxtheweb/haxcms-nodejs is a HAXcms nodejs backend. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the saveNode endpoint due to insufficient sanitization of the node.body parameter, allowing event handler attributes without whitespace to bypass the HTML...

8.7 CVSS | 5.4 AI score | 0.00228 EPSS
Exploits 0 | References 2

OSV
added 2026/05/21 11:27 a.m. | 7 views

MAL-2026-4366 Malicious code in @autoheal/setup (npm)

Source: amazon-inspector (3a8b8b7d51e8865d048583893b08ad3d3d95a8371963b82adc6bf4b7938fe4c1). When the user runs this setup wizard, bin/setup.js posts the user's GitHub Personal Access Token scope repo,user:email, GitHub repo name, branch,...

6 AI score
Exploits 0 | References 1

NVD
added 2026/04/30 1:16 a.m. | 3 views

CVE-2026-7468

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has bee...

7.5 CVSS | 0.00356 EPSS
Exploits 0 | References 5

Cvelist
added 2026/04/30 1:0 a.m. | 30 views

CVE-2026-7468 1024-lab smart-admin Demo Site index.html access control

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has bee...

7.5 CVSS | 0.00356 EPSS
Exploits 0 | References 5

Vulnrichment
added 2026/04/30 1:0 a.m. | 1 views

CVE-2026-7468 1024-lab smart-admin Demo Site index.html access control

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has bee...

7.5 CVSS | 6.9 AI score | 0.00356 EPSS
Exploits 0 | References 5

CVE
added 2026/04/30 1:0 a.m. | 7 views

CVE-2026-7468

The CVE covers 1024-lab smart-admin up to version 3.30.0, affecting an unknown function in /smart-admin-api/druid/index.html of the Demo Site. The issue enables improper access controls via a remote attack, with a publicly disclosed exploit and a PROOF-OF-CONCEPT status in the metrics. Affected p...

7.5 CVSS | 6.9 AI score | 0.00356 EPSS
Exploits 0 | References 5

EUVD
added 2026/04/30 1:0 a.m. | 3 views

EUVD-2026-26305

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has bee...

7.5 CVSS | 6.9 AI score | 0.00356 EPSS
Exploits 0 | References 5

CNNVD
added 2026/04/30 12:0 a.m. | 5 views

smart-admin security vulnerability

Smart-Admin is a rapid development platform developed by individual developers of 1024-lab. Versions of Smart-Admin prior to 3.30.0 contain security vulnerabilities. These vulnerabilities stem from an unknown feature of the Demo Site component in the /smart-admin-api/druid/index.html file, which...

7.5 CVSS | 7.1 AI score | 0.00356 EPSS
Exploits 0 | References 1

Snyk
added 2026/04/29 6:29 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: beets is a media library management system for obsessive music geeks. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the included index.html template. An attacker can execute scripts in a victim’s browser by supplying crafted music metadata fields su...

6 CVSS | 5.6 AI score | 0.00273 EPSS
Exploits 0 | References 2

Cvelist
added 2026/04/19 8:15 a.m. | 36 views

CVE-2026-6562 dameng100 muucmf index.html getListByPage sql injection

A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be use...

7.5 CVSS | 0.00274 EPSS
Exploits 0 | References 4

Cvelist
added 2026/03/28 10:45 a.m. | 32 views

CVE-2026-4995 wandb OpenUI Window Message Event index.html cross site scripting

A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of the file frontend/public/annotator/index.html of the component Window Message Event Handler. This manipulation causes cross site scripting. The attack can be initiated remotely...

5.1 CVSS | 0.00191 EPSS
Exploits 0 | References 4

CVE
added 2026/03/28 10:45 a.m. | 5 views

CVE-2026-4995

wandb OpenUI up to version 1.0 is affected. The vulnerability targets the Window Message Event Handler in frontend/public/annotator/index.html, enabling cross-site scripting. Exploitation can be performed remotely, and the exploit has been publicly disclosed. The vendor was contacted early but di...

5.1 CVSS | 4.3 AI score | 0.00191 EPSS
Exploits 0 | References 4

RedhatCVE
added 2026/03/26 3:18 p.m. | 2 views

CVE-2026-30661

iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the User Management component, specifically within the index.html file. This allows remote attackers to execute arbitrary web script or HTML via the regip or loginip parameters...

6.1 CVSS | 6.1 AI score | 0.00205 EPSS
Exploits 1 | References 1

ATTACKERKB
added 2026/03/26 5:31 a.m. | 1 views

CVE-2026-4845

A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is an unknown function of the file /admin/Member/index.html. This manipulation of the argument Search causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been published and may be used. The...

5.3 CVSS | 4.2 AI score | 0.00337 EPSS
Exploits 0 | References 4 | Affected Software 1

Vulnrichment
added 2026/03/26 5:31 a.m. | 1 views

CVE-2026-4845 dameng100 muucmf index.html cross site scripting

A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is an unknown function of the file /admin/Member/index.html. This manipulation of the argument Search causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been published and may be used. The...

5.3 CVSS | 4.2 AI score | 0.00337 EPSS
Exploits 0 | References 4

EUVD
added 2026/03/24 3:30 p.m. | 6 views

EUVD-2026-14893

iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the User Management component, specifically within the index.html file. This allows remote attackers to execute arbitrary web script or HTML via the regip or loginip parameters...

6.1 CVSS | 6.1 AI score | 0.00205 EPSS
Exploits 1 | References 2

Positive Technologies
added 2026/03/24 12:0 a.m. | 5 views

PT-2026-27434

iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the User Management component, specifically within the index.html file. This allows remote attackers to execute arbitrary web script or HTML via the regip or loginip parameters...

6.1 AI score | 0.00205 EPSS
Exploits 1 | References 2

ATTACKERKB
added 2026/03/24 12:0 a.m. | 3 views

CVE-2026-30661

iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the User Management component, specifically within the index.html file. This allows remote attackers to execute arbitrary web script or HTML via the regip or loginip parameters...

6.1 AI score | 0.00205 EPSS
Exploits 1 | References 2