Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

5963 matches found

OSV
OSVadded 2024/10/01 4:15 p.m.17 views

CVE-2024-9394

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full...

7.5CVSS8.5AI score
Exploits0References8
OSV
OSVadded 2024/10/01 4:15 p.m.16 views

CVE-2024-9393

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full...

7.5CVSS8.5AI score
Exploits0References8
OSV
OSVadded 2024/10/01 4:15 p.m.2 views

DEBIAN-CVE-2024-9393

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full...

7.5CVSS8.5AI score0.00402EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2024/10/01 3:13 p.m.15 views

CVE-2024-9394

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full...

6.4AI score0.00498EPSS
Exploits0References6
CNNVD
CNNVDadded 2024/10/01 12:0 a.m.3 views

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. Mozilla Firefox suffers from an origin validation error that originates...

7.5CVSS9.1AI score0.00402EPSS
Exploits0References9
Positive Technologies
Positive Technologiesadded 2024/10/01 12:0 a.m.4 views

PT-2024-32668 · Microsoft · Nuget Gallery

Name of the Vulnerable Software and Affected Versions: NuGet Gallery affected versions not specified Description: The NuGet Gallery has a security issue in its handling of HTML element attributes. This allows an attacker to execute arbitrary HTML or Javascript code in a victim's browser...

8.2CVSS7.5AI score0.00705EPSS
Exploits0References9
Mozilla
Mozillaadded 2024/10/01 12:0 a.m.42 views

Security Vulnerabilities fixed in Firefox 131 — Mozilla

A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible.This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffecte...

9.8CVSS8.2AI score0.00557EPSS
Exploits0References14Affected Software1
Tenable Nessus
Tenable Nessusadded 2024/10/01 12:0 a.m.20 views

Mozilla Thunderbird < 131.0

The version of Thunderbird installed on the remote Windows host is prior to 131.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-50 advisory. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the...

9.8CVSS7.8AI score0.00738EPSS
Exploits0References12
Tenable Nessus
Tenable Nessusadded 2024/10/01 12:0 a.m.39 views

Mozilla Firefox < 131.0

The version of Firefox installed on the remote Windows host is prior to 131.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-46 advisory. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the...

9.8CVSS7.8AI score0.00738EPSS
Exploits0References14
OpenVAS
OpenVASadded 2024/09/30 12:0 a.m.17 views

CKEditor 40.x < 43.1.1 XSS Vulnerability

CKEditor 5 is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.1CVSS6.3AI score0.00489EPSS
Exploits0References1
CNNVD
CNNVDadded 2024/09/27 12:0 a.m.3 views

TopQuadrant TopBraid EDG 安全漏洞

TopQuadrant TopBraid EDG is a knowledge graph creation and management tool from TopQuadrant. A security vulnerability exists in TopQuadrant TopBraid EDG versions prior to 8.0.1, which originated from a vulnerability that allows an authenticated attacker to upload an XML DTD file and execute...

5CVSS6.3AI score0.00271EPSS
Exploits0References3
OSV
OSVadded 2024/09/25 1:27 p.m.12 views

CVE-2024-45613 CKEditor 5 has Cross-site Scripting vulnerability in the clipboard package

CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting XSS vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code...

5.1CVSS6.2AI score0.00489EPSS
Exploits0References4
Veracode
Veracodeadded 2024/09/25 4:42 a.m.3 views

Cross-site Scripting (XSS)

The camaleoncms is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient validation in the image upload functionality, allowing normal registered users to upload SVG images containing JavaScript or upload HTML documents by manually altering the format parameter. If an...

6.4AI score
Exploits0
Positive Technologies
Positive Technologiesadded 2024/09/23 12:0 a.m.4 views

PT-2024-40192 · Unknown · Camaleon Cms +1

Name of the Vulnerable Software and Affected Versions: Camaleon CMS affected versions not specified Description: A stored cross-site scripting issue has been found in the image upload functionality, allowing normal registered users to upload SVG images containing JavaScript or HTML documents by...

4.8CVSS6.6AI score
Exploits0References4
Positive Technologies
Positive Technologiesadded 2024/09/23 12:0 a.m.10 views

PT-2024-8655 · Zimbra · Zimbra Collaboration

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions through 10.1 Description: A reflected Cross-Site Scripting XSS issue exists in the Briefcase module due to improper sanitization of file content by the OnlyOffice formatter. This occurs when the victim opens ...

9.7CVSS5.4AI score0.00312EPSS
Exploits0References14
PyPA
PyPAadded 2024/09/20 7:15 p.m.9 views

PYSEC-2024-273

Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All...

7.6CVSS5.9AI score0.00709EPSS
Exploits0References1Affected Software1
PyPA
PyPAadded 2024/09/20 7:15 p.m.10 views

PYSEC-2024-272

Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All...

7.6CVSS5.9AI score0.00709EPSS
Exploits0References1Affected Software1
OSV
OSVadded 2024/09/20 7:15 p.m.13 views

PYSEC-2024-272

Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All...

5.4CVSS5.9AI score0.00709EPSS
Exploits0References1
OSV
OSVadded 2024/09/20 7:15 p.m.10 views

PYSEC-2024-273

Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All...

5.4CVSS5.9AI score0.00709EPSS
Exploits0References1
Cvelist
Cvelistadded 2024/09/20 6:53 p.m.29 views

CVE-2024-42346 Stored Cross Site Scripting (Stored XSS) in Galaxy

Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All...

7.6CVSS0.00709EPSS
Exploits0References1
Rows per page
Query Builder