
7 matches found

ATTACKERKB
added 2026/04/09 8:54 p.m. · 3 views

CVE-2023-54361

Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filterkeyword parameter. Attackers can craft URLs containing JavaScript payloads in the filterkeyword GET parameter of the...

CVSS 6.1 · AI score 6.2 · EPSS 0.00225
Exploits 0 · References 4 · Affected Software 1

CVE
added 2026/04/09 8:54 p.m. · 8 views

CVE-2023-54361

Joomla iProperty Real Estate 4.1.1 is affected by a reflected XSS in the filter_keyword parameter of the all-properties-with-map endpoint. The vulnerability allows an attacker to inject JavaScript payloads via a crafted URL, potentially executing code in a victim’s browser and compromising sessio...

CVSS 6.1 · AI score 6.2 · EPSS 0.00225
Exploits 0 · References 4

Github Security Blog
added 2025/12/16 10:32 p.m. · 10 views

@vitejs/plugin-rsc has an Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint

Summary: The `/__vite_rsc_findSourceMapURL` endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sending a crafted HTTP request with a file:// URL in the filename query parameter. Severity:...

CVSS 7.5 · AI score 6.6 · EPSS 0.00552
Exploits 0 · References 6 · Affected Software 1

OSV
added 2025/12/16 6:20 p.m. · 5 views

CVE-2025-68155 @vitejs/plugin-rsc has Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint on Development

@vitejs/plugin-rsc provides React Server Components (RSC) support for Vite. Prior to version 0.5.8, the `/__vite_rsc_findSourceMapURL` endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sendi...

CVSS 7.5 · AI score 6.9 · EPSS 0.00552
Exploits 0 · References 6

CNNVD
added 2025/12/16 12:0 a.m. · 4 views

Vite Plugin React Security Vulnerability

Vite Plugin React is an open source plugin for Vite. A security vulnerability exists in Vite Plugin React versions prior to 0.5.8 that stems from an arbitrary file read vulnerability in the `/__vite_rsc_findSourceMapURL` endpoint...

CVSS 7.5 · AI score 9 · EPSS 0.00552
Exploits 0 · References 4

RedhatCVE
added 2025/12/06 5:54 p.m. · 7 views

CVE-2025-34259

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicemap/building endpoint. When an authenticated user creates a map entry, the name parameter is stored and later rendered in the map list UI without HTML sanitization. An...

CVSS 5.4 · AI score 5.4 · EPSS 0.00212
Exploits 0 · References 1

Positive Technologies
added 2025/01/13 12:0 a.m. · 2 views

PT-2025-1473 · Selesta · Selesta Visual Access Manager

Name of the Vulnerable Software and Affected Versions: Selesta Visual Access Manager versions prior to 4.42.2. Description: The issue is related to Cross Site Scripting (XSS) via the "monitor/s monitor map.php" endpoint. This allows for potential malicious script execution. No information is provide...

CVSS 6.1 · AI score 6 · EPSS 0.00226
Exploits 0 · References 5