Lucene search
K

376 matches found

Vulnrichment
Vulnrichment
added 2026/03/15 6:34 p.m.3 views

CVE-2015-20114 RealtyScript 4.0.2 Cross-Site Scripting via Multiple Parameters

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads...

6.1CVSS6AI score0.00274EPSS
Exploits1References3
CVE
CVE
added 2026/03/11 12:23 a.m.35 views

CVE-2026-27242

Adobe Experience Manager fixes for CVE-2026-27242: A stored XSS affecting AEM 6.5.23 and earlier. The vulnerability exists in how form field input is sanitized, allowing a low-privileged attacker to inject malicious JavaScript that executes in a user’s browser when visiting a page containing the ...

5.4CVSS5.8AI score0.00167EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/10 6:31 p.m.4 views

EUVD-2025-208500

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server...

5.1CVSS5.9AI score0.00225EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/10 5:6 p.m.28 views

CVE-2025-13902

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server...

5.1CVSS0.00225EPSS
Exploits0References1
CVE
CVE
added 2026/03/10 5:6 p.m.20 views

CVE-2025-13902

CVE-2025-13902 describes a Cross-site Scripting (CWE-79) vulnerability that can allow an authenticated attacker to cause a victim’s browser to execute arbitrary JavaScript when the victim visits a page containing a crafted element with the injected payload. The CVSS score is 5.1 (Medium) with NET...

5.4CVSS5.9AI score0.00225EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/10 10:18 a.m.9 views

CLSA-2026-1773137907 nginx: Fix of CVE-2026-1642

CVE-2026-1642: fix upstream TLS proxy vulnerability allowing MITM inject plaintext into proxied responses; enforce strict upstream TLS verification and reject injected plaintext...

8.2CVSS7.4AI score0.00339EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/02 12:0 a.m.4 views

openSUSE 15 Security Update : redis (SUSE-SU-2026:0650-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:0650-1 advisory. This update for redis fixes the following issue: - a user can manipulate data read by a connection by injecting sequences into a Redis error reply bsc1258706...

6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.5 views

PT-2026-22319

The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4CVSS6AI score0.00197EPSS
Exploits0References5
SUSE Linux
SUSE Linux
added 2026/02/26 3:19 p.m.3 views

Security update for redis7

This update for redis7 fixes the following issue: a user can manipulate data read by a connection by injecting sequences into a Redis error reply bsc1258706. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

5.4AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.12 views

PT-2026-21290

Name of the Vulnerable Software and Affected Versions Google Cloud Vertex AI SDK google-cloud-aiplatform versions 1.98.0 through 1.130.9 Description A Stored Cross-Site Scripting XSS issue exists in the genai/ evals visualization component of Google Cloud Vertex AI SDK. This allows an...

8.6CVSS6.2AI score0.00529EPSS
Exploits2References20
OSV
OSV
added 2026/02/19 11:16 p.m.5 views

CVE-2026-1658

User Interface UI Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Director...

5.3CVSS5.8AI score0.00242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/19 7:21 p.m.4 views

CVE-2026-20137

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky...

5.7CVSS5.5AI score0.00222EPSS
Exploits0References1
OSV
OSV
added 2026/02/18 6:24 p.m.5 views

CVE-2026-20137

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky...

5.7CVSS5.8AI score0.00222EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/18 4:45 p.m.6 views

CVE-2026-20137

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky...

3.5CVSS5.5AI score0.00222EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2026/02/18 4:45 p.m.15 views

CVE-2026-20137

CVE-2026-20137 affects Splunk Enterprise (multiple legacy branches) and Splunk Cloud Platform. A low-privilege user lacking admin/power roles can bypass SPL safeguards for risky commands when creating a Data Model containing an injected SPL query within an object, by exploiting a path traversal v...

5.7CVSS5.5AI score0.00222EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.9 views

PT-2026-20468

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9 Splunk Cloud Platform versions prior to 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122 Description A user with limited privileges, lacking the 'admin' or...

5.7CVSS5.8AI score0.00222EPSS
Exploits0References5
NVD
NVD
added 2026/02/12 10:16 p.m.6 views

CVE-2026-26056

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...

8.8CVSS0.004EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/11 11:34 a.m.21 views

CVE-2025-14560 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious conten...

7.3CVSS0.00217EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.12 views

PT-2026-6214

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 2.0.72 Description Claude Code is an agentic coding tool. A flaw in command parsing allowed bypassing the confirmation prompt, potentially triggering the execution of untrusted commands via the find command...

8.8CVSS5.8AI score0.00562EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.6 views

PT-2026-3142

Name of the Vulnerable Software and Affected Versions Altium Forum affected versions not specified Description A stored cross-site scripting XSS issue exists because of insufficient server-side input validation of forum post content. An authenticated attacker can inject arbitrary JavaScript into...

9CVSS5.9AI score0.00214EPSS
Exploits0References5
Rows per page
Query Builder