Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

58989 matches found

OSV
OSVadded 2026/02/03 7:16 p.m.4 views

CVE-2026-24426

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...

6.1CVSS5.9AI score0.00188EPSS
Exploits0References2
EUVD
EUVDadded 2026/02/03 7:9 p.m.4 views

EUVD-2026-5183

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...

5.1CVSS5.5AI score0.00188EPSS
Exploits0References2
NVD
NVDadded 2026/02/03 6:16 p.m.7 views

CVE-2026-24674

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting XSS vulnerability allows remote attackers to execute arbitrary JavaScript in the context of authenticated users by crafting malicious URLs and...

6.1CVSS0.0018EPSS
Exploits1References1
NVD
NVDadded 2026/02/03 6:16 p.m.5 views

CVE-2020-37103

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

6.4CVSS0.00291EPSS
Exploits1References4
OSV
OSVadded 2026/02/03 6:16 p.m.3 views

CVE-2019-25264

Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users...

6.4CVSS5.5AI score
Exploits0References4
NVD
NVDadded 2026/02/03 6:16 p.m.4 views

CVE-2019-25264

Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users...

6.4CVSS0.00243EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/02/03 6:7 p.m.3 views

CVE-2026-25488

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Tax Categories Name & Descripti...

6.1CVSS5.4AI score0.00261EPSS
Exploits1References5Affected Software1
EUVD
EUVDadded 2026/02/03 4:52 p.m.8 views

EUVD-2020-30988

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

6.4CVSS5.4AI score0.00291EPSS
Exploits1References4
EUVD
EUVDadded 2026/02/03 4:52 p.m.4 views

EUVD-2019-19380

Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie...

6.4CVSS5.1AI score0.00282EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/02/03 4:52 p.m.5 views

CVE-2020-37103

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

6.4CVSS5.4AI score0.00291EPSS
Exploits1References4
Cvelist
Cvelistadded 2026/02/03 4:52 p.m.33 views

CVE-2019-25265 Online Inventory Manager 3.2 - Persistent Cross-Site Scripting

Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie...

6.4CVSS0.00282EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/02/03 4:52 p.m.5 views

CVE-2020-37103 DotNetNuke 9.5 - Persistent Cross-Site Scripting

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

6.4CVSS5.4AI score0.00291EPSS
Exploits1References4
Cvelist
Cvelistadded 2026/02/03 4:52 p.m.30 views

CVE-2019-25264 Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting

Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users...

6.4CVSS0.00243EPSS
Exploits0References4
EUVD
EUVDadded 2026/02/03 4:52 p.m.5 views

EUVD-2019-19381

Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users...

6.4CVSS5.4AI score0.00243EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/02/03 2:4 p.m.5 views

CVE-2026-24043

A flaw was found in jsPDF, a JavaScript library for generating PDFs. A remote attacker can inject arbitrary Extensible Metadata Platform XMP metadata into a generated PDF by providing unsanitized input to the addMetadata function. This XML injection vulnerability can compromise the integrity of t...

6.9CVSS5.4AI score0.00253EPSS
Exploits1References6
RedhatCVE
RedhatCVEadded 2026/02/03 1:52 p.m.6 views

CVE-2026-24737

A flaw was found in jsPDF, a JavaScript library for generating PDFs. A remote attacker could exploit this vulnerability by providing unsanitized input to specific methods within the Acroform module, such as AcroformChoiceField.addOption or AcroFormCheckBox.appearanceState. This allows the attacke...

8.3CVSS5.9AI score0.00457EPSS
Exploits1References6
OSV
OSVadded 2026/02/03 8:16 a.m.3 views

CVE-2026-1592

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before...

5.4CVSS5.9AI score0.00195EPSS
Exploits0References1
NVD
NVDadded 2026/02/03 8:16 a.m.7 views

CVE-2026-1592

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before...

6.3CVSS0.00195EPSS
Exploits0References1
EUVD
EUVDadded 2026/02/03 7:59 a.m.5 views

EUVD-2026-5315

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before...

6.3CVSS5.4AI score0.00195EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/02/03 7:59 a.m.4 views

CVE-2026-1592 Stored XSS via Create New Layer Field found in Foxit PDF Editor Cloud

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before...

6.3CVSS5.4AI score0.00195EPSS
Exploits0References1
Rows per page
Query Builder