99 matches found
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the notification emails. An attacker can inject arbitrary HTML content into emails sent to other users by submitting specially crafted input. Details: Cross-site scripting or XSS is a code vulnerability that...
CVE-2026-34033
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. User-supplied content was included in notification emails without proper escaping, allowing authenticated users to inject arbitrary HTML int...
CVE-2026-34033
CVE-2026-34033 affects Apache Answer up to version 2.0.0. The issue is an HTML content injection (basic XSS) where user-supplied content included in notification emails was not properly escaped, allowing authenticated users to inject arbitrary HTML into emails sent to other users. The CVSS vector...
Apache Answer Security Vulnerability
Apache Answer is a community platform of the Apache Foundation in the United States. Versions of Apache Answer 2.0.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper handling of script-related HTML tags in web pages. The content provided by users was n...
CVE-2026-10729
An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in email clients that render HTML emails. This issue affects Canarytokens: fr...
CVE-2026-7563
The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 5.3.10. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...
CVE-2026-10729 HTML injection in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens
An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in email clients that render HTML emails. This issue affects Canarytokens: fr...
CVE-2026-10729
The CVE-2026-10729 entry covers an HTML injection vulnerability in Thinkst Applied Research Canarytokens specifically in the notification email delivery. Affected component: Canarytokens notification emails that render HTML. Root cause described: HTML injection can enable Interface Manipulation a...
Canarytokens Security Vulnerability
Canarytokens is a network activity tracking system open-sourced by Thinkst Applied Research. There is a security vulnerability in Canarytokens, which stems from HTML injection in notification emails. This vulnerability may lead to interface manipulation and cross-site scripting attacks...
CVE-2026-42857
Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer cleanthreadhtmlbody used for discussion notification emails fails to remove...
CVE-2026-27694
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the email notification templates insert user-controlled device, geofence, and driver names into HTML email output without proper escaping. An attacker with low privileges can store...
CVE-2026-40229
Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...
PT-2026-35950
Name of the Vulnerable Software and Affected Versions: Helpy version 2.8.0. Description: A stored cross-site scripting issue exists in the post author display logic. A registered user can persist arbitrary HTML in the account name field, which is then rendered unescaped in public forum threads, the...
CVE-2026-39401
Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, jb child processes can include an update_event key in their JSON output. The server applies this directly to the parent event's stored configuration without any authorization check. A low-privile...
CVE-2026-39401 Privilege Escalation via update_event Job Output in Cronicle
Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, jb child processes can include an update_event key in their JSON output. The server applies this directly to the parent event's stored configuration without any authorization check. A low-privile...
CVE-2026-39401
Cronicle prior to 0.9.111 is affected by CVE-2026-39401. The vulnerability arises when jb child processes can include an update_event key in their JSON output, which the server applies directly to the parent event’s stored configuration without authorization. A low-privilege user who can create a...