Lucene search
K

905 matches found

ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-53641

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a stored cross-site scripting XSS vulnerability in the client-facing email history views of FOSSBilling. Email HTML content contenthtml is rendered into a JavaScript template literal using t...

4.8CVSS5.9AI score0.00286EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added last week6 views

EUVD-2026-41153

Craft CMS: Stored XSS via Structure entry title in table view...

5.9CVSS5.9AI score0.00412EPSS
Exploits0References3
EUVD
EUVD
added last week6 views

EUVD-2026-41209

Craft CMS: DOM XSS via GitHub issue title in CraftSupport widget...

7.4CVSS5.9AI score0.00311EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/03 7:53 a.m.8 views

EUVD-2026-41522

The GenerateBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Headline Block 'linkMetaFieldType' Dynamic Link Attribute in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.1AI score0.00215EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/02 4:52 p.m.7 views

CVE-2026-8699

A stored Cross-Site Scripting XSS vulnerability has been identified in the web-based management interface of Archer C5 v6.8 routers, due to insufficient server-side validation and lack of proper output encoding of user-controlled input in a certain field. An attacker with administrative privilege...

7CVSS6AI score0.00177EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 11:16 p.m.10 views

CVE-2026-55790

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub account can plant a JavaScript payload in a craftcms/cms issue title. When a Craft admin uses the CraftSupport widget’s "Give feedback" screen and types...

7.4CVSS0.00311EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 10:57 p.m.5 views

CVE-2026-55790

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub account can plant a JavaScript payload in a craftcms/cms issue title. When a Craft admin uses the CraftSupport widget’s "Give feedback" screen and types...

7.4CVSS5.8AI score0.00311EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/01 9:57 p.m.6 views

CVE-2026-55793

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

5.9CVSS5.7AI score0.00412EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54859

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.22 Craft CMS versions 4.0.0-RC1 through 4.17.15 Description An attacker with a GitHub account can inject a JavaScript payload into a craftcms/cms issue title. The payload executes within the control pan...

7.4CVSS5.8AI score0.00311EPSS
Exploits0References10
OSV
OSV
added 2026/06/26 4:48 p.m.6 views

PYSEC-2026-236 Malicious code in pyphetools (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, malicious phantom releases of pyphetools were published to PyPI using stolen credentials. The package executes a bundled JavaScript payload via the Bun runtime on import that harvests and exfiltrates credentials and...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/26 2:17 p.m.4 views

PYSEC-2026-234 Malicious code in phenopacket-store-toolkit (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, malicious phantom releases of phenopacket-store-toolkit were published to PyPI using stolen credentials. The package executes a bundled JavaScript payload via the Bun runtime on import that harvests and exfiltrates...

5.8AI score
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 8:11 p.m.31 views

CVE-2026-47387 NocoDB: Stored Cross-Site Scripting via Form View Redirect URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler packages/nc-gui/composables/useSharedFormViewStore.ts in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A...

8.4CVSS0.00234EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 8:11 p.m.33 views

CVE-2026-47387

NocoDB (the issue CVE-2026-47387) has a stored XSS due to the shared form-view redirect_url handling. The vulnerable sink in packages/nc-gui/composables/useSharedFormViewStore.ts validates only string/non-empty redirect_url and fails to validate URL schemes, causing non-network schemes (e.g., jav...

8.4CVSS5.9AI score0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/21 1:27 p.m.35 views

CVE-2026-56395 SiYuan - Remote Code Execution via Malicious Bazaar Package Metadata and README

SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package...

9.6CVSS0.00391EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-51059

Name of the Vulnerable Software and Affected Versions @tinacms/cli versions prior to 2.4.3 Description @tinacms/cli contains a Remote Code Execution issue in its Forestry-to-Tina migration command. The internal helper function addVariablesToCode unquotes any value matching the marker " TINA...

7.8CVSS6.1AI score0.0017EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/10 8:30 p.m.37 views

CVE-2026-0266 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

A cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama virtual and...

4.8CVSS0.00213EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/06/09 9:13 a.m.16 views

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades , this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index PyPI registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems...

6.2AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/08 1:55 a.m.11 views

CVE-2023-54351 WordPress Sonaar Music Plugin 4.7 Stored XSS via Comments

WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers can submit JavaScript payloads in the comment parameter to wp-comments-post.php which are stored an...

7.2CVSS5.2AI score0.00184EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 1:55 a.m.11 views

EUVD-2021-34850

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at...

6.4CVSS5.3AI score0.00187EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Rows per page
Query Builder