37 matches found

RedhatCVE
added yesterday · 3 views

CVE-2026-36226

Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...

CVSS 6.1 · AI score 5.5 · EPSS 0.00039
Exploits: 1 · References: 1
NVD
added 2026/05/22 5:16 p.m. · 7 views

CVE-2026-36226

Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...

CVSS 6.1 · EPSS 0.00039
Exploits: 1 · References: 1
CVE
added 2026/05/22 12:00 a.m. · 26 views

CVE-2026-36226

CVE-2026-36226 affects Advantech WebAccess/SCADA 8.0-2015.08.16. A cross-site scripting flaw resides in the Admin Dashboard’s Create New Project User component, where unsanitized input in the decryption field can be rendered and execute JavaScript in an authenticated user’s browser context. Docum...

CVSS 6.1 · AI score 5.8 · EPSS 0.00039
Exploits: 1 · References: 1
EUVD
added 2026/05/22 12:00 a.m. · 4 views

EUVD-2026-31474

Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...

CVSS 6.1 · AI score 5.8 · EPSS 0.00039
Exploits: 1 · References: 1
Cvelist
added 2026/05/22 12:00 a.m. · 3 views

CVE-2026-36226

Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...

EPSS 0.00039
Exploits: 1 · References: 1
ATTACKERKB
added 2026/05/22 12:00 a.m. · 2 views

CVE-2026-36226

Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...

CVSS 6.1 · AI score 5.8 · EPSS 0.00039
Exploits: 1 · References: 2
Positive Technologies
added 2026/05/22 12:00 a.m. · 6 views

PT-2026-42803

Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...

CVSS 6.1 · AI score 5.8 · EPSS 0.00039
Exploits: 1 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-23364

Malware in sbrugna...

CVSS 5.4 · AI score 5.6 · EPSS 0.00206
Exploits: 1 · References: 3
Hacker One
added 2025/10/03 7:51 p.m. · 9 views

Lovable VDP: Low-privileged user can enable or disable Lovable AI for new projects in workspace

A vulnerability was discovered that allowed low-privileged users to enable or disable Lovable AI for new projects in a workspace. The vulnerability was caused by improper authorization, which enabled low-privileged users to modify the Lovable AI settings by replaying certain API endpoints...

AI score 6.9
Exploits: 0
NVD
added 2025/08/21 6:15 p.m. · 4 views

CVE-2025-57768

Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...

CVSS 6.9 · EPSS 0.00089
Exploits: 0 · References: 1
Vulnrichment
added 2025/08/21 5:20 p.m. · 2 views

CVE-2025-57768 Stored XSS in “hours” fields when creating or editing an issue, using SQLite database

Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...

CVSS 6.9 · AI score 5.6 · EPSS 0.00089
Exploits: 0 · References: 1
OSV
added 2025/08/21 5:20 p.m. · 3 views

CVE-2025-57768 Stored XSS in “hours” fields when creating or editing an issue, using SQLite database

Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...

CVSS 6.9 · AI score 5.4 · EPSS 0.00089
Exploits: 0 · References: 3
CNNVD
added 2025/08/21 12:00 a.m. · 1 views

Phproject Cross-Site Scripting Vulnerability

Phproject is a project management system for Alan's personal developers. The system supports issue management, task management and dashboard features. A cross-site scripting vulnerability exists in versions of Phproject prior to 1.8.0 through 1.8.3, which stems from the presence of stored...

CVSS 6.9 · AI score 6 · EPSS 0.00089
Exploits: 0 · References: 2
RedhatCVE
added 2025/05/22 4:21 p.m. · 6 views

CVE-2020-35706

Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Project screen...

CVSS 5.4 · AI score 5.6 · EPSS 0.00206
Exploits: 1
CVE
added 2025/04/13 10:10 p.m. · 243 views

CVE-2025-3445

CVE-2025-3445 (Zip Slip in mholt/archiver, Go): A crafted ZIP can cause path traversal during archiver.Unarchive(zipFile, outputDir), permitting write/overwrite of files with the app’s privileges. This can lead to privilege escalation or code execution in affected setups. The advisory notes a TA...

CVSS 8.1 · AI score 8 · EPSS 0.00135
Exploits: 0 · References: 1
Positive Technologies
added 2024/11/25 12:00 a.m. · 3 views

PT-2024-35774 · Taiga · Taiga

Name of the Vulnerable Software and Affected Versions: Taiga version 8.6.1
Description: A Client-Side Template Injection (CSTI) issue in the /project/new/scrum component allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details.
Recommendation...

CVSS 8 · AI score 8 · EPSS 0.0165
Exploits: 0 · References: 4
GithubExploit
added 2024/09/06 6:17 a.m. · 73 views

Exploit for CVE-2024-25503

CVE-2024-25503 Vulnerability type: Cross Site Scripting...

CVSS 4.7 · AI score 8.6 · EPSS 0.00736
Exploits: 1
OSV
added 2024/09/02 5:15 a.m. · 0 views

CVE-2024-45527

REDCap 14.7.0 allows HTML injection via the project title of a New Project action. This can lead to resultant logout CSRF via index.php?logout=1, and can also be used to insert a link to an external phishing website...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 2
Cvelist
added 2024/09/02 12:00 a.m. · 19 views

CVE-2024-45527

REDCap 14.7.0 allows HTML injection via the project title of a New Project action. This can lead to resultant logout CSRF via index.php?logout=1, and can also be used to insert a link to an external phishing website...

EPSS 0.00125
Exploits: 1 · References: 2
Positive Technologies
added 2024/09/01 12:00 a.m. · 0 views

PT-2024-31682 · Redcap · Redcap

Name of the Vulnerable Software and Affected Versions: REDCap version 14.7.0
Description: The issue allows HTML injection via the project title of a New Project action. This can lead to resultant logout CSRF via "index.php?logout=1", and can also be used to insert a link to an external phishing...

CVSS 6.1 · AI score 7.3 · EPSS 0.00125
Exploits: 1 · References: 6