Lucene search

8 matches found

The Hacker News
added 2026/06/18 1:58 p.m., 16 views

The Scripts on Your Checkout Page Are Now a PCI DSS Problem

An independent PCI assessor tested Reflectiz against the new PCI DSS rules. Here is the verdict: See the full QSA assessment here → When a customer types their card number into your checkout, their browser is running far more than your code. Analytics tags, a tag manager, a support widget, a...

AI score: 5.7
Exploits: 0

RedhatCVE
added 2026/06/05 7:28 p.m., 9 views

CVE-2026-4341

The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'followustext' setting of the Mount widget in all versions up to, and including, 4.1.10. This is due to insufficient input sanitization and output escaping. Specifically, the...

CVSS: 6.4, AI score: 5.7, EPSS: 0.00362
Exploits: 0, References: 1

EUVD
added 2026/05/12 9:31 a.m., 14 views

EUVD-2026-29411

The Shortcodely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'widgetarea' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces...

CVSS: 6.4, AI score: 6, EPSS: 0.00201
Exploits: 0, References: 8

RedhatCVE
added 2026/04/14 7:23 p.m., 6 views

CVE-2026-39628

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes DukaMarket dukamarket allows Code Injection. This issue affects DukaMarket: from n/a through = 1.3.0...

CVSS: 5.3, AI score: 5.8, EPSS: 0.0026
Exploits: 0, References: 1

Positive Technologies
added 2025/10/03 12:0 a.m., 4 views

PT-2025-40480

Name of the Vulnerable Software and Affected Versions: Easy Elementor Addons versions prior to 2.2.8. Description: The Easy Elementor Addons plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping in several widget...

CVSS: 6.4, AI score: 5.9, EPSS: 0.00311
Exploits: 0, References: 8

BDU FSTEC
added 2024/06/19 12:0 a.m., 4 views

A vulnerability in GNOME Shell, the graphical shell of the GNOME desktop environment on Linux operating systems, allows an attacker to execute arbitrary code.

The vulnerability in the GNOME Shell graphical interface of the GNOME desktop environment on Linux operating systems stems from a failure to neutralize script in web page attributes. Exploiting this vulnerability allows a remote attacker to execute arbitrary JavaScript...

CVSS: 6.5, AI score: 7.1, EPSS: 0.00299
Exploits: 0, References: 4, Affected Software: 3

SUSE CVE
added 2023/02/15 4:26 a.m., 4 views

SUSE CVE-2018-12397

A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This...

CVSS: 6.1, AI score: 8, EPSS: 0.00368
Exploits: 0, References: 9

Opera Security Advisories
added 2010/10/06 12:0 a.m., 29 views

Manipulating the window can be used to spoof the page address

Web page scripts can be used to alter the size of the browser window. In some cases, this manipulation can cause the wrong part of the Web page address to be displayed in the Address Bar, so that the part that is initially visible to the user is not the start of the address, and may contain conte...

AI score: 1.7
Exploits: 0, Affected Software: 1