Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

59051 matches found

Cvelist
Cvelistadded 2026/01/13 10:56 p.m.24 views

CVE-2023-53985 Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in...

6.1CVSS0.00238EPSS
Exploits1References5
Vulnrichment
Vulnrichmentadded 2026/01/13 10:56 p.m.2 views

CVE-2023-53985 Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in...

6.1CVSS6.2AI score0.00238EPSS
Exploits1References5
CVE
CVEadded 2026/01/13 10:56 p.m.7 views

CVE-2022-50896

Testa 3.5.1 Online Test Management System is affected by a reflected XSS in the login.php redirect parameter. The root cause is an insufficent input sanitization allowing an attacker to craft a specially encoded payload in the redirect parameter to execute arbitrary JavaScript in a victim’s brows...

6.1CVSS6.1AI score0.00327EPSS
Exploits0References3
CVE
CVEadded 2026/01/13 10:56 p.m.8 views

CVE-2021-47750

YouPHPTube versions up to 7.8 contain a cross-site scripting (XSS) vulnerability in the redirectUri parameter of the signup page, allowing an attacker to craft signups that execute arbitrary JavaScript in victims’ browsers. The root cause is improper handling of the redirectUri in the signup flow...

6.1CVSS6.2AI score0.00298EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVEadded 2026/01/13 10:53 p.m.5 views

CVE-2025-46067

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...

8.2CVSS6.9AI score0.00255EPSS
Exploits0References1
vulnersOsv
vulnersOsvadded 2026/01/13 9:51 p.m.6 views

168wangxiao-ui (>=0.3.6 <=0.3.70), 3achatlibrary (>=1.0.0 <=1.0.9) +5430 more potentially affected by CVE-2025-15056 via quill (>=0.19.14 <=2.0.3)

quill NPM version =0.19.14, =0.3.6, =1.0.0, =19.0.0, =1.0.1, =1.0.0, =1.0.10, =3.1.1-0, =2.10.1, =0.1.6, =1.0.7, =19.0.0, =19.1.0 and more Source cves: CVE-2025-15056 Source advisory: SNYK:JS-QUILL-14927397...

6.1CVSS5.4AI score0.00221EPSS
Exploits1
Github Security Blog
Github Security Blogadded 2026/01/13 8:36 p.m.24 views

Malicious website can execute commands on the local system through XSS in the OpenCode web UI

Summary A malicious website can abuse the server URL override feature of the OpenCode web UI to achieve cross-site scripting on http://localhost:4096. From there, it is possible to run arbitrary commands on the local system using the /pty/ endpoints provided by the OpenCode API. Code execution vi...

9.4CVSS6.6AI score0.00914EPSS
Exploits1References3Affected Software1
NVD
NVDadded 2026/01/13 2:16 p.m.3 views

CVE-2026-0885

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

6.5CVSS0.00361EPSS
Exploits0References5
OSV
OSVadded 2026/01/13 2:16 p.m.7 views

CVE-2026-0885

Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

6.5CVSS5.8AI score
Exploits0References5
NVD
NVDadded 2026/01/13 2:16 p.m.2 views

CVE-2026-0884

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

9.8CVSS0.00423EPSS
Exploits0References5
OSV
OSVadded 2026/01/13 2:16 p.m.5 views

CVE-2026-0884

Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

9.8CVSS5.8AI score
Exploits0References5
UbuntuCve
UbuntuCveadded 2026/01/13 2:16 p.m.2 views

CVE-2026-0884

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

9.8CVSS5.8AI score0.00423EPSS
Exploits0References7
UbuntuCve
UbuntuCveadded 2026/01/13 2:16 p.m.2 views

CVE-2026-0885

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

6.5CVSS5.8AI score0.00361EPSS
Exploits0References7
OSV
OSVadded 2026/01/13 2:16 p.m.3 views

UBUNTU-CVE-2026-0885

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

6.5CVSS6.6AI score0.00361EPSS
Exploits0References8
OSV
OSVadded 2026/01/13 2:16 p.m.6 views

UBUNTU-CVE-2026-0884

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

9.8CVSS7.3AI score0.00423EPSS
Exploits0References8
AstraLinux
AstraLinuxadded 2026/01/13 2:1 p.m.1 views

Astra Linux – Vulnerability in Firefox

There was a way to change the values of JavaScript object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

6.5CVSS5.2AI score0.0021EPSS
Exploits0References3
AstraLinux
AstraLinuxadded 2026/01/13 2:1 p.m.3 views

Astra Linux – Vulnerability in Firefox, Thunderbird

JIT compilation errors in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

9.8CVSS5.4AI score0.00422EPSS
Exploits0References3
AstraLinux
AstraLinuxadded 2026/01/13 2:1 p.m.3 views

Astra Linux – Vulnerability in Chromium

Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.5AI score0.00379EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/01/13 1:30 p.m.6 views

CVE-2026-0884

Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

9.8CVSS5.5AI score0.00423EPSS
Exploits0References6
CVE
CVEadded 2026/01/13 1:30 p.m.17 views

CVE-2026-0885

CVE-2026-0885 is a use-after-free in Firefox/Thunderbird’s JavaScript: GC component. Affected: Firefox &lt; 147, Firefox ESR &lt; 140.7, Thunderbird &lt; 147, Thunderbird

6.5CVSS5.8AI score0.00361EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder