
8 matches found

Vulnrichment
added 2026/04/27 8:16 p.m., 0 views

CVE-2026-5362 Pimcore Platform v12.3.3 - Stored XSS in Document Editable Embed rendering

An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3...

4.8 CVSS, 5.5 AI score, 0.00004 EPSS
Exploits: 1, References: 2
OSV
added 2026/01/06 1:29 p.m., 3 views

MAL-2026-92 Malicious code in okta-loginpage-render (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48116f31c0b827072f94f6157837d2fcb3be3c6a9985584328216403280bd6bb The package okta-loginpage-render was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-30568

Malicious code in bioql PyPI...

6.5 CVSS, 6.5 AI score, 0.00032 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/01/07 12:0 a.m., 9 views

WordPress plugin WP Header Notification cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site scripting...

5.9 CVSS, 7.8 AI score, 0.00177 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2024/08/16 12:0 a.m., 1 views

PT-2024-40862 · Git +1 · Ghostscript

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves functions such as chunk free object, pdfi interpret content stream, and pd...

7 AI score
Exploits: 0, References: 2
OSV
added 2023/04/20 10:5 p.m., 15 views

GHSA-9JQ5-XWQW-Q8J3 XWiki Platform vulnerable to page render failure due to broken translations

Impact: It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. Patches: The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Workarounds: There is no other workaround other than fixing any way...

4.3 CVSS, 5.2 AI score, 0.00265 EPSS
Exploits: 1, References: 4
Huntr
added 2023/02/01 5:37 a.m., 7 views

XSS in compose mail functionality

Description: Reflected cross-site scripting or XSS arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. Proof of Concept: - Step 1: log in as normal user. - Step 2: click on webmail and click on compose. - Step 3: now enter "...

Exploits: 0
OSV
added 2022/05/24 10:1 p.m., 1 views

GHSA-X43G-GJ9X-838X PhantomJS Arbitrary File Read

PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HT...

7.5 CVSS, 6 AI score, 0.13599 EPSS
Exploits: 1, References: 3