3249 matches found

CVE
added 2025/02/03 12:0 a.m. | 72 views

CVE-2025-25062

CVE-2025-25062 is an XSS vulnerability in Backdrop CMS (CKEditor 5 module) affecting 1.28.x prior to 1.28.5 and 1.29.x prior to 1.29.3. The issue arises from insufficient isolation of long text content, enabling crafted HTML/JS to execute when an administrator edits content. Exploitation prospect...

4.4 CVSS | 5.8 AI score | 0.01654 EPSS
Exploits 3 | References 3 | Affected Software 1
Veracode
added 2025/01/30 3:49 a.m. | 7 views

Script Injection

Nuxt is vulnerable to Script injection. The vulnerability is due to the lack of same-origin policy enforcement for script requests, allows attackers to inject malicious scripts into a victim's site via a script tag, bypassing security measures intended to prevent such cross-origin interactions...

5.3 CVSS | 6.9 AI score | 0.00311 EPSS
Exploits 0 | References 2 | Affected Software 3
CNNVD
added 2025/01/30 12:0 a.m. | 2 views

VMware Aria Operations for Logs security vulnerability

VMware Aria Operations for Logs is a centralized log management solution from VMware. The product supports features such as log organization and log analysis. A security vulnerability exists in VMware Aria Operations for Logs. An attacker can exploit this vulnerability to inject malicious scripts...

5.2 CVSS | 9.2 AI score | 0.00372 EPSS
Exploits 0 | References 1
Veracode
added 2025/01/27 5:46 a.m. | 8 views

Cross-Site Scripting (XSS)

PhpSpreadsheet is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization or escaping of user input when converting XLSX files into HTML, allows malicious scripts to be embedded in the file content and executed in the context of the user's browser...

6.1 CVSS | 6.1 AI score | 0.00371 EPSS
Exploits 4 | References 4 | Affected Software 2
Veracode
added 2025/01/27 3:5 a.m. | 6 views

Cross-Site Scripting (XSS)

mathlive is vulnerable to Cross-site scripting XSS. The vulnerability is due to the lack of proper escaping of HTML content when using commands like \htmlData, which allows the injection and execution of malicious scripts...

7.2 AI score
Exploits 0
Veracode
added 2025/01/24 4:34 a.m. | 11 views

Stored Cross-site Scripting (XSS)

librenms/librenms is vulnerable to Stored Cross-site Scripting XSS. The vulnerability is due to insufficient input sanitization of the descr parameter in /ajaxform.php, allows malicious scripts to be injected and stored in the system...

5.4 CVSS | 5.9 AI score | 0.01221 EPSS
Exploits 1 | References 5 | Affected Software 1
Veracode
added 2025/01/24 4:12 a.m. | 6 views

Stored Cross-site Scripting (XSS)

librenms/librenms is vulnerable to Stored cross-site scripting XSS. The vulnerability is due to insufficient input sanitization of the display parameter in the /device/$DEVICEID/edit endpoint, allowing attackers to inject and store malicious scripts on the server...

5.4 CVSS | 5.9 AI score | 0.00372 EPSS
Exploits 1 | References 5 | Affected Software 1
CVE
added 2025/01/18 7:5 a.m. | 45 views

CVE-2024-12385

The CVE-2024-12385 entry concerns the WP Abstracts WordPress plugin. The connected Red Hat entry confirms a Cross-Site Request Forgery flaw in WP Abstracts up to version 2.7.2, caused by missing nonce validation in wpabstracts_load_status() and wpabstracts_delete_abstracts(). This could allow una...

6.1 CVSS | 6.5 AI score | 0.00193 EPSS
Exploits 0 | References 5 | Affected Software 1
Veracode
added 2025/01/17 5:53 a.m. | 11 views

Cross-site Scripting (XSS)

github.com/rancher/rancher is vulnerable to Cross-site Scripting XSS. The vulnerability is due to a Stored XSS attack, which occurs when a malicious actor can inject and store malicious scripts via the cluster description field, leading to potential execution of unauthorized code within the UI...

8.9 CVSS | 5.8 AI score | 0.00476 EPSS
Exploits 0
Vulnrichment
added 2025/01/16 10:20 p.m. | 7 views

CVE-2025-23200 Stored XSS-LibreNMS-Misc Section in librenms

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: ajaxform.php - param: state. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page...

4.6 CVSS | 4.5 AI score | 0.30854 EPSS
Exploits 1 | References 1
OSV
added 2025/01/16 10:20 p.m. | 15 views

CVE-2025-23200 Stored XSS-LibreNMS-Misc Section in librenms

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: ajaxform.php - param: state. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page...

4.6 CVSS | 5.8 AI score | 0.30854 EPSS
Exploits 1 | References 3
OSV
added 2025/01/16 5:33 p.m. | 6 views

GHSA-G84X-G96G-RCJC Librenms has a reflected XSS on error alert

XSS on the parameters:/addhost - param: community of Librenms versions 24.10.1 https://github.com/librenms/librenms allows remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potentia...

5.4 CVSS | 5.8 AI score | 0.00398 EPSS
Exploits 1 | References 3
Github Security Blog
added 2025/01/16 5:33 p.m. | 20 views

Librenms has a reflected XSS on error alert

XSS on the parameters:/addhost - param: community of Librenms versions 24.10.1 https://github.com/librenms/librenms allows remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potentia...

6.1 CVSS | 5.6 AI score | 0.00398 EPSS
Exploits 1 | References 3 | Affected Software 1
Github Security Blog
added 2025/01/16 5:32 p.m. | 17 views

LibreNMS Ports Stored Cross-site Scripting vulnerability

StoredXSS-LibreNMS-Ports Description: Stored XSS on the parameter: /ajaxform.php - param: descr Request: http POST /ajaxform.php HTTP/1.1 Host: X-Requested-With: XMLHttpRequest X-CSRF-TOKEN: Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Cookie:...

5.4 CVSS | 4.8 AI score | 0.01221 EPSS
Exploits 1 | References 5 | Affected Software 1
Github Security Blog
added 2025/01/16 5:21 p.m. | 21 views

LibreNMS Display Name Stored Cross-site Scripting vulnerability

Description: XSS on the parameters Replace $DEVICEID with your specific $DEVICEID value:/device/$DEVICEID/edit - param: display of Librenms versions 24.9.0, 24.10.0, and 24.10.1 https://github.com/librenms/librenms allows remote attackers to inject malicious scripts. When a user views or interact...

5.4 CVSS | 4.8 AI score | 0.00349 EPSS
Exploits 1 | References 4 | Affected Software 1
OSV
added 2025/01/16 5:21 p.m. | 12 views

GHSA-PM8J-3V64-92CQ LibreNMS Display Name Stored Cross-site Scripting vulnerability

Description: XSS on the parameters Replace $DEVICEID with your specific $DEVICEID value:/device/$DEVICEID/edit - param: display of Librenms versions 24.9.0, 24.10.0, and 24.10.1 https://github.com/librenms/librenms allows remote attackers to inject malicious scripts. When a user views or interact...

4.6 CVSS | 4.9 AI score | 0.00349 EPSS
Exploits 1 | References 4
NVD
added 2025/01/14 10:15 p.m. | 8 views

CVE-2024-50859

The ipimportaclcsv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data...

4.8 CVSS | 0.00847 EPSS
Exploits 3 | References 3
NVD
added 2025/01/14 1:15 a.m. | 23 views

CVE-2025-23033

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the adicionarsituacao.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts...

6.4 CVSS | 0.00273 EPSS
Exploits 1 | References 2
NVD
added 2025/01/14 1:15 a.m. | 14 views

CVE-2025-23037

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the control.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the...

6.4 CVSS | 0.00311 EPSS
Exploits 1 | References 2
OSV
added 2025/01/13 11:34 p.m. | 18 views

CVE-2025-23030 Cross-Site Scripting (XSS) Reflected endpoint 'cadastro_funcionario.php' parameter 'cpf' in WeGIA

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the cadastro_funcionario.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious...

6.4 CVSS | 4.4 AI score | 0.00295 EPSS
Exploits 1 | References 4