
58971 matches found

EUVD
added 2026/03/20 6:31 p.m. | 3 views

EUVD-2026-13752

XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...

6.1 CVSS | 6 AI score | 0.00257 EPSS
Exploits: 0 | References: 3

EUVD
added 2026/03/20 6:31 p.m. | 4 views

EUVD-2026-13734

File Thingie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "upload file" functionality to upload a file with a crafted file name used to trigger a JavaScript payload...

5.8 AI score | 0.00184 EPSS
Exploits: 0 | References: 3

NVD
added 2026/03/20 6:16 p.m. | 3 views

CVE-2026-30579

File Thingie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "upload file" functionality to upload a file with a crafted file name used to trigger a JavaScript payload...

6.5 CVSS | 0.00184 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/20 5:26 p.m. | 4 views

CVE-2026-32844

XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...

6.1 CVSS | 6 AI score | 0.00257 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/20 3:42 p.m. | 3 views

CVE-2026-32986

Textpattern CMS version 4.9.0 contains a second-order cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting improper sanitization of user-supplied input in Atom feed XML elements. Attackers can embed unescaped payloads in parameters such as category th...

6.1 CVSS | 5.7 AI score | 0.0016 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

HackRead
added 2026/03/20 1:33 p.m. | 4 views

New Fake Zoom Meeting Invite Scam Spreads Malware on Windows PCs

Cybersecurity researchers at Sublime Security have discovered a new scam that uses realistic, interactive JavaScript-based Zoom meeting invites to trick users into installing malware...

5.8 AI score
Exploits: 0

SUSE CVE
added 2026/03/20 10:15 a.m. | 4 views

SUSE CVE-2025-12044

Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for HCSEC-2025-24 (https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393)...

7.5 CVSS | 7.5 AI score | 0.00517 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/20 9:5 a.m. | 6 views

CVE-2026-33081

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Versions 0.8.2 and below have a Blind SSRF vulnerability in the /download endpoint. The validateDownloadURL function only checks the initial user-supplied URL, but the embedded Chromium browser can...

5.8 CVSS | 5.8 AI score | 0.00289 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2026/03/20 8:40 a.m. | 4 views

CVE-2026-4450

An out of bounds write flaw was found in the V8 component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=487746373...

9.6 CVSS | 5.7 AI score | 0.00281 EPSS
Exploits: 0 | References: 5

RedhatCVE
added 2026/03/20 8:40 a.m. | 4 views

CVE-2026-4447

An inappropriate implementation flaw was found in the V8 component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=486657483...

9.6 CVSS | 5.7 AI score | 0.00354 EPSS
Exploits: 1 | References: 5

RedhatCVE
added 2026/03/20 8:35 a.m. | 4 views

CVE-2026-4457

A type confusion flaw was found in the V8 component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=488803413...

9.6 CVSS | 5.7 AI score | 0.00306 EPSS
Exploits: 0 | References: 5

Veracode
added 2026/03/20 7:30 a.m. | 6 views

Cross Site Scripting (XSS)

code.gitea.io/gitea is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validation of URL schemes in links, which allows an attacker to inject malicious javascript: URLs and execute arbitrary scripts in a user's browser...

5.4 CVSS | 7.5 AI score | 0.00222 EPSS
Exploits: 0 | References: 5 | Affected Software: 2

NVD
added 2026/03/20 5:16 a.m. | 5 views

CVE-2026-33035

WWBN AVideo is an open source video platform. In versions 25.0 and below, there is a reflected XSS vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser. User input from a URL parameter flows through PHP's json_encode into a JavaScript function...

6.1 CVSS | 0.00317 EPSS
Exploits: 1 | References: 2

ATTACKERKB
added 2026/03/20 5:8 a.m. | 0 views

CVE-2026-33035

WWBN AVideo is an open source video platform. In versions 25.0 and below, there is a reflected XSS vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser. User input from a URL parameter flows through PHP's json_encode into a JavaScript function...

5.3 CVSS | 5.9 AI score | 0.00317 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2026/03/20 5:8 a.m. | 12 views

CVE-2026-33035

CVE-2026-33035 affects WWBN AVideo

6.1 CVSS | 5.9 AI score | 0.00317 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

EUVD
added 2026/03/20 3:31 a.m. | 3 views

EUVD-2026-13478

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8 CVSS | 5.8 AI score | 0.00281 EPSS
Exploits: 0 | References: 3

NVD
added 2026/03/20 2:16 a.m. | 3 views

CVE-2026-4457

Type Confusion in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8 CVSS | 0.00306 EPSS
Exploits: 0 | References: 2

NVD
added 2026/03/20 2:16 a.m. | 2 views

CVE-2026-4450

Out of bounds write in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8 CVSS | 0.00281 EPSS
Exploits: 0 | References: 2

NVD
added 2026/03/20 2:16 a.m. | 4 views

CVE-2026-32880

ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an admin user to edit JSON type system settings to store a JavaScript payload that can execute when any admin views the system settings. The JSON input is left unescaped/unsanitized in SystemSettings.php, leading ...

6.4 CVSS | 0.0032 EPSS
Exploits: 1 | References: 1

Debian CVE
added 2026/03/20 1:34 a.m. | 2 views

CVE-2026-4461

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8 CVSS | 5.5 AI score | 0.00281 EPSS
Exploits: 0