Lucene search
K

12151 matches found

The Hacker News
The Hacker News
added yesterday5 views

Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws

Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published. The vulnerabilities are listed below - CVE-2026-15718 , an invalid pointer in the JavaScript: WebAssembly component CVE-2026-15719 , a site isolation in the DOM:...

9.9CVSS6.6AI score
Exploits0
OSV
OSV
added yesterday15 views

ROOT-APP-NPM-CVE-2026-44581 CVE-2026-44581 in @rootio/next - Patched by Root

Root has patched CVE-2026-44581 in the @rootio/next package for Root:npm. Multiple fixed versions available...

4.7CVSS5.3AI score0.00222EPSS
Exploits1
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-48125

A flaw was found in UAParser.js, a JavaScript library for detecting client information. A remote attacker can exploit this vulnerability by sending a specially crafted Sec-CH-UA-Model header when the application uses the Client Hints API. This can cause excessive CPU usage due to a regular...

5.3CVSS6AI score
Exploits0References6
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-47423

A flaw was found in DOMPurify, a DOM-only cross-site scripting XSS sanitizer. Due to the default allowance of selectedcontent, a remote attacker could craft a malicious payload that, after initial sanitization, could be re-cloned by browsers, leading to the execution of unsanitized markup. This...

8.2CVSS6.1AI score0.00035EPSS
Exploits0References6
OSV
OSV
added yesterday4 views

ROOT-OS-DEBIAN-12-CVE-2026-24515 CVE-2026-24515 in rootio-expat - Patched by Root

Root has patched CVE-2026-24515 in the rootio-expat package for Root:Debian:12. Multiple fixed versions available...

2.5CVSS5.4AI score0.0017EPSS
Exploits0
Nuclei
Nuclei
added yesterday170 views

Nette Framework - Remote Code Execution

Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework. id: CVE-2020-15227 info: name: Nette Framework - Remote Code Execution author:...

9.8CVSS7.1AI score0.35228EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday45 views

Atmail 6.5.0 - Cross-Site Scripting

Atmail 6.5.0 contains a cross-site scripting vulnerability in WebAdmin Control Pane via the format parameter to the default URI, which allows remote attackers to inject arbitrary web script or HTML via the “format” parameter. id: CVE-2021-43574 info: name: Atmail 6.5.0 - Cross-Site Scripting...

6.1CVSS6.5AI score0.02422EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday73 views

Xinuo Openserver 5/6 - Cross-Site scripting

Xinuo formerly SCO Openserver versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section' and is vulnerable to reflected cross-site scripting. id: CVE-2020-25495 info: name: Xinuo Openserver 5/6 - Cross-Site scripting author: 0xAkoko severity:...

6.1CVSS6.2AI score0.08142EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday74 views

Puppet Server/PuppetDB - Sensitive Information Disclosure

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints, which may contain sensitive information when left exposed. id: CVE-2020-7943 info: name: Puppet Server/PuppetDB - Sensitive Information Disclosure author: c-sh0 severity: high...

7.5CVSS7AI score0.07884EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday44 views

qdPM 9.1 - Cross-site Scripting

qdPM V9.1 is vulnerable to Cross Site Scripting XSS via qdPM\install\modules\databaseconfig.php. id: CVE-2020-19515 info: name: qdPM 9.1 - Cross-site Scripting author: theamanrawat severity: medium description: | qdPM V9.1 is vulnerable to Cross Site Scripting XSS via...

6.1CVSS6.4AI score0.01789EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday65 views

WBCE CMS v1.5.4 - Cross Site Scripting (Stored)

A cross-site scripting XSS vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. id: CVE-2022-45038 info: name: WBCE CMS v1.5.4 - Cross Site Scripting Stored author:...

5.4CVSS6.3AI score0.01024EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday86 views

EPrints 3.4.2 - Cross-Site Scripting

EPrints 3.4.2 contains a reflected cross-site scripting vulnerability in the dataset parameter to the cgi/dataset dictionary URI. id: CVE-2021-26702 info: name: EPrints 3.4.2 - Cross-Site Scripting author: ritikchaddha severity: medium description: EPrints 3.4.2 contains a reflected cross-site...

6.1CVSS6.7AI score0.03072EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday72 views

SAS/Internet 9.4 1520 - Local File Inclusion

SAS/Internet 9.4 build 1520 and earlier allows local file inclusion. The samples library included by default in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro...

7.5CVSS7AI score0.07845EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday84 views

FortiWeb - Cross Site Scripting

FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points. id: CVE-2021-22122 info: name:...

6.1CVSS6.4AI score0.1052EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday89 views

Academy LMS 6.0 - Cross-Site Scripting

Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting XSS vulnerability through query parameter. id: CVE-2023-38964 info: name: Academy LMS 6.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Creative Item Academy LMS 6.0 was discovered to...

6.1CVSS6.4AI score0.01056EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday43 views

XWiki < 14.10.5 - Cross-Site Scripting

XWiki Platform is vulnerable to reflected XSS via the previewactions template. An attacker can inject JavaScript through the xcontinue parameter. id: CVE-2023-35162 info: name: XWiki 14.10.5 - Cross-Site Scripting author: ritikchaddha severity: medium description: | XWiki Platform is vulnerable t...

9.6CVSS6.4AI score0.02377EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday187 views

Sharp Multifunction Printers - Directory Listing

It was observed that Sharp printers are vulnerable to an arbitrary directory listing without authentication. Any attacker can list any directory located in the printer and recover any file. id: CVE-2024-33605 info: name: Sharp Multifunction Printers - Directory Listing author: gy741 severity: hig...

7.5CVSS7.1AI score0.06226EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday56 views

Fortinet FortiOS < 5.6.0 - Cross-Site Scripting

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. id: CVE-2017-3133 info: name: Fortinet FortiOS 5.6.0 - Cross-Site Scripting author: ritikchaddha severity:...

6.1CVSS6.5AI score0.10677EPSS
Exploits5References2
Nuclei
Nuclei
added yesterday49 views

ZEROF Web Server 2.0 - Cross-Site Scripting

ZEROF Web Server 2.0 allows /admin.back cross-site scripting. id: CVE-2022-25323 info: name: ZEROF Web Server 2.0 - Cross-Site Scripting author: pikpikcu severity: medium description: ZEROF Web Server 2.0 allows /admin.back cross-site scripting. impact: | Successful exploitation of this...

6.1CVSS6.1AI score0.03245EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday73 views

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the joborderID parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch...

6.1CVSS6.5AI score0.01278EPSS
Exploits1References5
Rows per page
Query Builder