Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

49 matches found

NVD
NVDadded 2026/05/22 10:16 p.m.14 views

CVE-2026-41147

NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting XSS vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...

8.7CVSS0.00349EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/22 9:45 p.m.14 views

EUVD-2026-31507

NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting XSS vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...

8.7CVSS5.8AI score0.00349EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/22 9:45 p.m.6 views

CVE-2026-41147 NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side input sanitization in Request class

NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting XSS vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...

8.7CVSS5.8AI score0.00349EPSS
Exploits0References3
CVE
CVEadded 2026/05/22 9:45 p.m.26 views

CVE-2026-41147

CVE-2026-41147 (NukeViet CMS) is a stored XSS issue affecting NukeViet CMS versions up to 4.5.08, caused by insufficient server-side input sanitization in the Request class. The app relies on client-side filtering for user-submitted HTML, which can be bypassed by altering HTTP requests. Attackers...

8.7CVSS5.8AI score0.00349EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/22 9:45 p.m.18 views

CVE-2026-41147 NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side input sanitization in Request class

NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting XSS vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...

8.7CVSS0.00349EPSS
Exploits0References3
OSV
OSVadded 2026/05/15 4:45 p.m.6 views

GHSA-64RR-PP78-62WW NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side input sanitization in Request class

Impact NukeViet CMS , which are stored server-side and executed in the browser of any user who views the content. Who is impacted: - Administrators and moderators who view user-submitted content e.g., contact messages, comments, or any module using the Request class for HTML input. - The Contact...

8.7CVSS5.8AI score0.00349EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/15 12:0 a.m.9 views

PT-2026-41388

Name of the Vulnerable Software and Affected Versions NukeViet CMS versions prior to 4.5.08 Description Stored Cross-Site Scripting XSS occurs due to insufficient server-side input sanitization in the Request class. The application relies on client-side filtering to sanitize HTML tags and...

8.7CVSS5.8AI score0.00349EPSS
Exploits0References6
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2022-6115

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00772EPSS
Exploits1References6
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2022-3103

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.01583EPSS
Exploits1References5
EUVD
EUVDadded 2025/10/03 8:7 p.m.4 views

EUVD-2022-7459

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00502EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2022-2808

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00616EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.4 views

EUVD-2022-4525

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.01576EPSS
Exploits1References6
RedhatCVE
RedhatCVEadded 2025/05/22 10:1 p.m.6 views

CVE-2022-30874

There is a Cross Site Scripting Stored XSS vulnerability in NukeViet CMS before 4.5.02...

5.4CVSS5.8AI score0.00772EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/05/22 4:13 p.m.6 views

CVE-2020-22765

Cross Site Scripting XSS vulnerability in NukeViet cms 4.4.0 via the editor in the News module...

6.1CVSS5.9AI score0.00616EPSS
Exploits0
RedhatCVE
RedhatCVEadded 2025/05/22 4:6 p.m.5 views

CVE-2020-21808

SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via:the topicsid parameter in modules/news/admin/addtotopics.php...

9.8CVSS8.1AI score0.01583EPSS
Exploits1
RedhatCVE
RedhatCVEadded 2025/05/22 4:1 p.m.7 views

CVE-2020-21809

SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the 1 listid parameter in detail.php and the 2 groupprice or groupid parameters in searchresult.php...

9.8CVSS8.1AI score0.01576EPSS
Exploits1
CNNVD
CNNVDadded 2024/06/10 12:0 a.m.3 views

Vinades NukeViet Security Breach

Vinades NukeViet is an open source content management system CMS from Vinades Vietnam. A security vulnerability exists in Vinades NukeViet v.4.5 and earlier versions, nukeviet-egov v.1.2.02 and earlier versions, which stems from the presence of a deserialization vulnerability. An attacker can...

8.8CVSS7.3AI score0.00845EPSS
Exploits1References2
OSV
OSVadded 2022/11/13 10:15 a.m.14 views

CVE-2022-3975

A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting...

6.1CVSS6AI score
Exploits0References3
NVD
NVDadded 2022/11/13 10:15 a.m.10 views

CVE-2022-3975

A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting...

6.1CVSS0.00502EPSS
Exploits0References3
Prion
Prionadded 2022/11/13 10:15 a.m.11 views

Cross site scripting

A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting...

5.8CVSS6AI score0.00502EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder