59050 matches found

NVD
added 2026/01/15 5:16 p.m. | 12 views

CVE-2026-22867

LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacke...

CVSS 8.7 | EPSS 0.0025
Exploits: 0 | References: 3

OSV
added 2026/01/15 4:33 p.m. | 3 views

SUSE-SU-2026:20086-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.7.0 ESR bsc1256340. - MFSA 2026-03 bsc1256340 CVE-2026-0877: Mitigation bypass in the DOM: Security component CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in the Graphic...

CVSS 9.8 | AI score 5.8 | EPSS 0.0055
Exploits: 0 | References: 15

Vulnrichment
added 2026/01/15 4:31 p.m. | 3 views

CVE-2026-22867 LaSuite Doc affected by Stored XSS via Interlinking Block

LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacke...

CVSS 8.7 | AI score 5.4 | EPSS 0.0025
Exploits: 0 | References: 3

ATTACKERKB
added 2026/01/15 4:31 p.m. | 3 views

CVE-2026-22867

LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacke...

CVSS 8.7 | AI score 5.9 | EPSS 0.0025
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2026/01/15 4:31 p.m. | 22 views

CVE-2026-22867 LaSuite Doc affected by Stored XSS via Interlinking Block

LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacke...

CVSS 8.7 | EPSS 0.0025
Exploits: 0 | References: 3

EUVD
added 2026/01/15 4:31 p.m. | 5 views

EUVD-2026-2857

LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacke...

CVSS 8.7 | AI score 5.3 | EPSS 0.0025
Exploits: 0 | References: 3

OSV
added 2026/01/15 4:31 p.m. | 4 views

CVE-2026-22867 LaSuite Doc affected by Stored XSS via Interlinking Block

LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacke...

CVSS 8.7 | AI score 5.6 | EPSS 0.0025
Exploits: 0 | References: 5

CVE
added 2026/01/15 4:31 p.m. | 12 views

CVE-2026-22867

CVE-2026-22867 concerns LaSuite Doc, a collaborative note-taking/wiki platform. Affected versions are 3.8.0 through 4.3.0. The vulnerability is a Stored Cross-Site Scripting (XSS) in the Interlinking feature: when a user creates a link to another document in the editor, the link URL is not valida...

CVSS 8.7 | AI score 5.4 | EPSS 0.0025
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/01/15 4:16 p.m. | 4 views

CVE-2021-47843

Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer...

CVSS 5.4 | AI score 6.4 | EPSS 0.00366
Exploits: 1 | References: 3

NVD
added 2026/01/15 4:16 p.m. | 2 views

CVE-2021-47843

Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer...

CVSS 5.4 | EPSS 0.00366
Exploits: 1 | References: 3

Cvelist
added 2026/01/15 3:52 p.m. | 27 views

CVE-2021-47843 Tagstoo 2.0.1 - Stored XSS to RCE

Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer...

CVSS 5.4 | EPSS 0.00366
Exploits: 1 | References: 3

Wiz blog
added 2026/01/15 3:0 p.m. | 13 views

CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild

Wiz Research discovered a critical supply chain vulnerability that abused a CodeBuild misconfiguration to take over key AWS GitHub repositories - including the JavaScript SDK powering the AWS Console...

AI score 7
Exploits: 0

NVD
added 2026/01/15 2:16 p.m. | 6 views

CVE-2025-13859

The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomizationsettings AJAX action in versions 1.0.0 to 1.3.9.3. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 6.4 | EPSS 0.00166
Exploits: 0 | References: 3

EUVD
added 2026/01/15 1:23 p.m. | 7 views

EUVD-2026-2807

The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomizationsettings AJAX action in versions 1.0.0 to 1.3.9.3. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 6.4 | AI score 5.1 | EPSS 0.00166
Exploits: 0 | References: 4

ATTACKERKB
added 2026/01/15 1:23 p.m. | 4 views

CVE-2025-13859

The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomizationsettings AJAX action in versions 1.0.0 to 1.3.9.3. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 6.4 | AI score 5.8 | EPSS 0.00166
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2026/01/15 1:16 p.m. | 4 views

CVE-2026-22637

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

EPSS 0.00035
Exploits: 0

Cvelist
added 2026/01/15 1:11 p.m. | 30 views

CVE-2026-22638

...

EPSS 0.00037
Exploits: 0

Cvelist
added 2026/01/15 1:10 p.m. | 24 views

CVE-2026-22637

...

EPSS 0.00035
Exploits: 0

CVE
added 2026/01/15 1:10 p.m. | 10 views

CVE-2026-22637

CVE-2026-22637 is associated with Grafana XY Chart Plugin. The Red Hat entry and PT--security advisory describe a DOM-based XSS vulnerability where a user with Editor permissions can modify a panel to execute arbitrary JavaScript. Affected component: Grafana XY Chart Plugin; attack vector involve...

AI score 6.3 | EPSS 0.00035
Exploits: 0

Vulnrichment
added 2026/01/15 1:10 p.m. | 2 views

CVE-2026-22637

...

AI score 5.3 | EPSS 0.00035
Exploits: 0