Lucene search
K

2728 matches found

Nuclei
Nuclei
added 9 hours ago25 views

Academy LMS 6.0 - Cross-Site Scripting

Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting XSS vulnerability through query parameter. id: CVE-2023-38964 info: name: Academy LMS 6.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Creative Item Academy LMS 6.0 was discovered to...

6.1CVSS6.2AI score0.05338EPSS
Exploits1References2
NVD
NVD
added yesterday2 views

CVE-2026-42839

An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the itemname, description, or image fields of an Item and trigger unescaped rendering in the Point of Sale POS cart interface for every operator who adds that item to a transaction.This issue...

4.8CVSS
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-34158

An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the itemname, description, or image fields of an Item and trigger unescaped rendering in the Point of Sale POS cart interface for every operator who adds that item to a transaction.This issue...

4.8CVSS5.9AI score
Exploits0References2
CVE
CVE
added yesterday3 views

CVE-2026-42839

CVE-2026-42839 describes a stored XSS in ERPNext 16.16.0. An authenticated user with Item record edit permissions can persist arbitrary HTML/JavaScript in item_name, description, or image fields, causing unescaped rendering in the POS cart interface for every operator adding that item to a transa...

4.8CVSS5.9AI score
Exploits0References2
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-42839 ERPNext 16.16.0 - Stored XSS in POS cart item rendering

An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the itemname, description, or image fields of an Item and trigger unescaped rendering in the Point of Sale POS cart interface for every operator who adds that item to a transaction.This issue...

4.8CVSS5.9AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-42839

An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the itemname, description, or image fields of an Item and trigger unescaped rendering in the Point of Sale POS cart interface for every operator who adds that item to a transaction.This issue...

4.8CVSS5.9AI score
Exploits0References3Affected Software1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-42839 ERPNext 16.16.0 - Stored XSS in POS cart item rendering

An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the itemname, description, or image fields of an Item and trigger unescaped rendering in the Point of Sale POS cart interface for every operator who adds that item to a transaction.This issue...

4.8CVSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-46043

Name of the Vulnerable Software and Affected Versions ERPNext version 16.16.0 Description An authenticated user with permissions to edit Item records can inject arbitrary HTML or JavaScript into the item name, description, or image fields of an Item. This leads to unescaped rendering in the Point...

4.8CVSS5.9AI score
Exploits0References5
NVD
NVD
added 2 days ago6 views

CVE-2026-5385

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7...

8.4CVSS0.00077EPSS
Exploits0References4
OSV
OSV
added 2 days ago4 views

MINI-G4J4-227P-MC36

Bulletin has no description...

7.5CVSS5.7AI score0.00022EPSS
Exploits0
OSV
OSV
added 2 days ago2 views

MINI-P3WX-GP28-RMH7

Bulletin has no description...

5.4CVSS5.7AI score0.00013EPSS
Exploits0
CVE
CVE
added 2 days ago14 views

CVE-2026-10528

Orthanc DICOM Server (

4.8CVSS5.8AI score0.00013EPSS
Exploits0References8
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-33854

A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the component DCMTK Parser. Performing a manipulation results in stack-based buffer overflow. Attacking...

4.8CVSS5.8AI score0.00013EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-45847

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7...

8.4CVSS5.8AI score0.00077EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-48190

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...

3.5CVSS5.8AI score0.00021EPSS
Exploits0References2Affected Software1
CVE
CVE
added 3 days ago9 views

CVE-2026-48190

CVE-2026-48190 describes an incorrect permissions handling in OTRS External Interface and the ConfigItem List module that allows an authenticated customer to query CI information. Affected products/versions include OTRS 7.0.x, 8.0.x, 2023.x–2026.x prior to 2026.4.x, with CMDB enabled and Customer...

3.5CVSS5.8AI score0.00021EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-48190 Incorrect handling of permissions in External Interface Config Item List module

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...

3.5CVSS5.8AI score0.00021EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago38 views

CVE-2026-48190 Incorrect handling of permissions in External Interface Config Item List module

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...

3.5CVSS0.00021EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-45262

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...

3.5CVSS5.8AI score0.00021EPSS
Exploits0References2
OSV
OSV
added 5 days ago3 views

MINI-95FP-QJCQ-2RP2

Bulletin has no description...

6.5CVSS5.7AI score0.00047EPSS
Exploits0
Rows per page
Query Builder