Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

5962 matches found

Positive Technologies
Positive Technologiesadded 2024/07/16 12:0 a.m.3 views

PT-2024-5670 · Netcat · Netcat Netshop Cms

Name of the Vulnerable Software and Affected Versions: Netcat Netshop CMS affected versions not specified Description: The issue is related to a cross-site request forgery vulnerability in the netshop CMS module of Netcat. This could allow a remote attacker to execute arbitrary JavaScript code in...

9CVSS7.5AI score
Exploits0References2
Positive Technologies
Positive Technologiesadded 2024/07/16 12:0 a.m.12 views

PT-2024-5676 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: Netcat CMS filemanager module affected versions not specified Description: The issue is related to a cross-site request forgery vulnerability in the filemanager module of the Netcat CMS system. This could allow a remote attacker to execute...

9CVSS7.5AI score
Exploits0References2
Positive Technologies
Positive Technologiesadded 2024/07/16 12:0 a.m.5 views

PT-2024-5678 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue exists due to a lack of protection for the web page structure in the filemanager module of the Netcat CMS system. This allows a remote attacker to execute arbitrary JavaScript...

9CVSS7.6AI score
Exploits0References2
Positive Technologies
Positive Technologiesadded 2024/07/16 12:0 a.m.4 views

PT-2024-5686 · Netcat · Netcat Netshop Cms

Name of the Vulnerable Software and Affected Versions: Netcat Netshop CMS affected versions not specified Description: The issue is related to the promotion discount parameter in the Netcat Netshop CMS system, which is vulnerable to cross-site request forgery. This could allow a remote attacker t...

9CVSS7.5AI score
Exploits0References2
Positive Technologies
Positive Technologiesadded 2024/07/16 12:0 a.m.7 views

PT-2024-5683 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: Netcat CMS calendar module affected versions not specified Description: The issue is related to a cross-site request forgery vulnerability in the calendar module of the Netcat CMS system. This could allow a remote attacker to execute arbitrar...

9CVSS7.5AI score
Exploits0References2
Positive Technologies
Positive Technologiesadded 2024/07/16 12:0 a.m.7 views

PT-2024-5679 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue exists due to a lack of protection measures for the web page structure in the stats module of the Netcat CMS system. This allows a remote attacker to execute arbitrary JavaScri...

9CVSS7.6AI score
Exploits0References2
Positive Technologies
Positive Technologiesadded 2024/07/16 12:0 a.m.5 views

PT-2024-5674 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue is related to a function in the alter form.php file of the Netcat CMS system, which is vulnerable to cross-site request forgery. This could allow a remote attacker to execute...

9CVSS7.4AI score
Exploits0References2
NVD
NVDadded 2024/07/15 7:15 p.m.13 views

CVE-2024-31946

An issue was discovered in Stormshield Network Security SNS 3.7.0 through 3.7.41, 3.10.0 through 3.11.29, 4.0 through 4.3.24, and 4.4.0 through 4.7.4. A user who has access to the SNS with write access on the email alerts page has the ability to create alert email containing malicious JavaScript,...

4.2CVSS0.00171EPSS
Exploits0References1
Cvelist
Cvelistadded 2024/07/11 1:24 a.m.29 views

CVE-2024-40618

Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension...

0.0037EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2024/07/11 12:0 a.m.6 views

PT-2024-37659

Name of the Vulnerable Software and Affected Versions Bootstrap affected versions not specified Description A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting XSS attacks. The issue is present in the carousel component, where the data-slide and data-slide-...

6.4CVSS6.9AI score0.00494EPSS
Exploits0References28
Positive Technologies
Positive Technologiesadded 2024/07/11 12:0 a.m.5 views

PT-2024-37693

Name of the Vulnerable Software and Affected Versions Bootstrap affected versions not specified Description A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting XSS attacks. The issue is present in the carousel component, where the data-slide and data-slide-...

6.4CVSS7AI score0.00494EPSS
Exploits0References29
CNNVD
CNNVDadded 2024/07/10 12:0 a.m.4 views

Fortinet FortiOS Cross-Site Scripting Vulnerability

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform of the United States Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. A cross-site scripting...

7.5CVSS6AI score0.00563EPSS
Exploits0References4
CNNVD
CNNVDadded 2024/07/08 12:0 a.m.3 views

Apache NiFi 安全漏洞

Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation and system intermediary logic. Apache NiFi has a security vulnerability that stems from susceptibility to cross-site scripting attacks. An...

5.4CVSS6.2AI score0.24031EPSS
Exploits0References2
CNVD
CNVDadded 2024/07/05 12:0 a.m.5 views

Splunk Enterprise Cross-Site Scripting Vulnerability (CNVD-2024-34270)

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines and cloud. Splunk...

5.4CVSS6.2AI score0.00304EPSS
Exploits0References1
CNVD
CNVDadded 2024/07/05 12:0 a.m.5 views

Splunk Enterprise Cross-Site Scripting Vulnerability (CNVD-2024-34271)

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines and cloud. Splunk...

8.1CVSS6.5AI score0.00547EPSS
Exploits0References1
NVD
NVDadded 2024/07/03 7:15 p.m.17 views

CVE-2024-35234

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...

6.1CVSS0.00333EPSS
Exploits0References3
CNNVD
CNNVDadded 2024/07/03 12:0 a.m.4 views

Discourse Security Breach

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse that stems from the presence of stored cross-site scripting that allows an attacker to execute arbitra...

6.1CVSS6.3AI score0.00333EPSS
Exploits0References4
OSV
OSVadded 2024/07/01 5:15 p.m.3 views

CVE-2024-36997

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a...

8.1CVSS5.9AI score0.00547EPSS
Exploits0References2
OSV
OSVadded 2024/07/01 5:15 p.m.3 views

CVE-2024-36994

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could...

5.4CVSS5.9AI score0.00302EPSS
Exploits0References2
OSV
OSVadded 2024/06/30 4:15 p.m.27 views

PYSEC-2024-176

A reflected Cross-Site Scripting XSS vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a...

6.1CVSS5.9AI score0.00388EPSS
Exploits1References3
Rows per page
Query Builder