Lucene search
K

1496 matches found

NVD
NVD
added 2026/03/17 6:16 p.m.7 views

CVE-2026-25770

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protocol. The wazuh-clusterd service allows authenticated...

9.1CVSS0.00969EPSS
Exploits1References1
OSV
OSV
added 2026/03/11 1:16 a.m.4 views

CVE-2026-27231

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.7AI score0.00205EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/11 12:23 a.m.38 views

CVE-2026-27249 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS0.00167EPSS
Exploits0References1
CVE
CVE
added 2026/03/11 12:23 a.m.24 views

CVE-2026-27247

Adobe Experience Manager (AEM) versions 6.5.23 and earlier are affected by a stored XSS vulnerability. The issue arises from insufficient input sanitization/escaping in form fields, allowing a low-privileged attacker to inject malicious JavaScript that is executed in a victim’s browser when visit...

5.4CVSS5.8AI score0.00167EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/11 12:23 a.m.39 views

CVE-2026-27235 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS0.00167EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/11 12:23 a.m.2 views

CVE-2026-27240 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.8AI score0.00167EPSS
Exploits0References1
CVE
CVE
added 2026/03/11 12:23 a.m.15 views

CVE-2026-27257

Adobe Experience Manager 6.5.23 and earlier is affected by a stored XSS vulnerability in form input that can be exploited by a low-privilege attacker to inject JavaScript into pages containing vulnerable fields. Exploitation could cause the injected script to run in a victim’s browser when viewin...

5.4CVSS5.8AI score0.00167EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.3 views

PT-2026-24535

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.8AI score0.00167EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/09 1:42 a.m.6 views

CVE-2026-3672

A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...

6.5CVSS6.3AI score0.00192EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/07 9:32 p.m.33 views

CVE-2026-3672 JeecgBoot getDictItems isExistSqlInjectKeyword sql injection

A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...

6.5CVSS0.00192EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.6 views

Flowise 安全漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior versions of Flowise, including 3.0.13, contained security vulnerabilities. These vulnerabilities stemmed from the possibility for unverified users to inject arbitrary values into internal...

7.7CVSS7.2AI score0.12902EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/05 7:31 p.m.7 views

CVE-2025-40894

A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alert...

5.4CVSS6AI score0.00162EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/04 3:31 a.m.4 views

EUVD-2026-9355

In Concrete CMS below version 9.4.8, A stored cross-site scripting XSS vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page nam...

4.8CVSS5.8AI score0.00195EPSS
Exploits1References3
EUVD
EUVD
added 2026/02/27 10:23 p.m.7 views

EUVD-2026-9095

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, stored XSS vulnerability in svg and icon related components allow authenticated users with appropriate permissions to inject malicious JavaScript that executes when viewed by higher-privileg...

8.7CVSS5.8AI score0.00259EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/02/23 12:0 a.m.6 views

Skill-Inject: Measuring Agent Vulnerability to Skill File Attacks

LLM agents are evolving rapidly, powered by code execution, tools, and the recently introduced agent skills feature. Skills allow users to extend LLM applications with specialized third-party code, knowledge, and instructions. Although this can extend agent capabilities to new domains, it creates...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/19 1:28 p.m.5 views

CVE-2026-1649

The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cevenuename' parameter in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

4.4CVSS5.7AI score0.00244EPSS
Exploits0References1
CVE
CVE
added 2026/02/18 6:42 a.m.22 views

CVE-2026-1666

CVE-2026-1666 affects the WordPress Download Manager plugin. It is a Reflected Cross-Site Scripting vulnerability in the login form shortcode via the vulnerable redirect_to GET parameter, due to insufficient input sanitization and output escaping. Affected: all versions up to and including 3.3.46...

6.1CVSS5.8AI score0.00264EPSS
Exploits0References5
NVD
NVD
added 2026/02/12 8:16 p.m.6 views

CVE-2019-25345

Realtek IIS Codec Service 6.4.10041.133 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service configuration to inject malicious executables and escalate privileges on the system...

8.5CVSS0.00127EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/02/12 12:0 a.m.9 views

GitLab 18.6 < 18.6.6 / 18.7 < 18.7.4 / 18.8 < 18.8.4 (CVE-2026-1282)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject...

5.4CVSS6AI score0.00162EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/06 7:24 a.m.6 views

EUVD-2026-5610

The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formtitle' parameter in the searchemployeedirectory shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.6AI score0.00235EPSS
Exploits0References5
Rows per page
Query Builder