
33 matches found

OSV
added 2026/05/19 12:0 a.m., 2 views

MAL-2026-4143 Malicious code in limit-size (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8 AI score
Exploits: 0, References: 5
NVD
added 2026/01/16 8:15 p.m., 2 views

CVE-2026-23725

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting XSS vulnerability was identified in the html/pet/adotantes/cadastroadotante.php and html/pet/adotantes/informacaoadotantes.php endpoint of the WeGIA application. The application does not sanitize...

5.4 CVSS, 0.00017 EPSS
Exploits: 1, References: 3
OSV
added 2025/12/17 11:15 p.m., 3 views

CVE-2023-53906

projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload in the custom assets section that will execute when other users loa...

4.8 CVSS, 5.9 AI score
Exploits: 0, References: 3
CVE
added 2025/11/07 12:0 a.m., 3 views

CVE-2025-63714

SourceCodester User Account Generator 1.0 contains a Cross‑Site Scripting (XSS) vulnerability in the Username Prefix field. The root cause is improper sanitization of user input when rendering generated account data to the DOM, allowing persistent injection of malicious HTML elements that execute...

6.1 CVSS, 6.1 AI score, 0.00048 EPSS
Exploits: 1, References: 2, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2018-7407

Malware in sbrugna...

6.1 CVSS, 6.3 AI score, 0.0024 EPSS
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-28155

Malicious code in bioql PyPI...

4.8 CVSS, 5.2 AI score, 0.00328 EPSS
Exploits: 1, References: 2
OSV
added 2025/06/13 2:50 p.m., 1 views

GHSA-5R6X-G6JV-4V87 Ibexa Admin UI XSS vulnerabilities in back office

Impact This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor...

6.1 CVSS, 6.6 AI score
Exploits: 0, References: 4
Github Security Blog
added 2025/06/13 2:50 p.m., 5 views

Ibexa Admin UI assets XSS vulnerabilities in back office

Impact This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor...

6.6 AI score
Exploits: 0, References: 4, Affected Software: 1
Positive Technologies
added 2025/06/13 12:0 a.m., 1 views

PT-2025-26624 · Packagist · Ibexa/Admin-Ui

Impact This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor...

6.1 CVSS, 6.6 AI score
Exploits: 0, References: 5
Vulnerability Lab
added 2023/07/04 12:0 a.m., 234 views

Tiva Events Calender v1.4 - Cross Site Scripting Vulnerability

Document Title: =============== Tiva Events Calender v1.4 - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2276 Release Date: ============= 2023-07-04 Vulnerability Laboratory ID VL-ID:...

7.4 AI score
Exploits: 0
0day.today
added 2022/03/15 12:0 a.m., 184 views

Automatic Question Paper Generator System 1.0 Cross Site Scripting Vulnerability

Exploit Title: Automatic Question Paper Generator System 1.0 - Cross-site scripting stored Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15190/automatic-question-paper-generator-system-phpoop-free-source-code.html Version: 1.0 Tested on: Linux Title: ================...

7.4 AI score
Exploits: 0
OpenVAS
added 2021/04/23 12:0 a.m., 19 views

XWiki XSS Vulnerability (GHSA-5c66-v29h-xjh8)

XWiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

5.4 CVSS, 5.1 AI score, 0.00152 EPSS
Exploits: 1, References: 2
OSV
added 2021/04/22 4:11 p.m., 19 views

GHSA-5C66-V29H-XJH8 XSS Cross Site Scripting

Impact It is possible to persistently inject scripts in XWiki. For unregistered users: - By filling simple text fields For registered users: - By filling their personal information - if they have edit rights By filling the values of static lists using App Within Minutes That can lead to user's...

9.6 CVSS, 8 AI score, 0.00423 EPSS
Exploits: 1, References: 2
Prion
added 2021/04/20 7:15 p.m., 16 views

Design/Logic Flaw

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to persistently inject scripts in XWiki versions prior to 12.6.3 and 12.8. Unregistered users can fill simple text fields. Registered users can fill in their personal information...

4.3 CVSS, 6.1 AI score, 0.00423 EPSS
Exploits: 1, References: 1, Affected Software: 1
CNVD
added 2017/06/07 12:0 a.m., 1 views

Subsonic Cross-Site Scripting Vulnerability

Subsonic is a media streaming server that allows users to save music or collect videos on the server. Subsonic suffers from a cross-site scripting vulnerability. A remote attacker could use this vulnerability to persistently inject arbitrary web script or HTML via the name of an uploaded image...

8.8 CVSS, 6 AI score, 0.02293 EPSS
Exploits: 5, References: 1
Vulnerability Lab
added 2016/02/01 12:0 a.m., 27 views

File Hub v3.3 iOS (Wifi) - Multiple Web Vulnerabilities

Document Title: =============== File Hub v3.3 iOS Wifi - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1695 Release Date: ============= 2016-02-01 Vulnerability Laboratory ID VL-ID: ==================================== 1695...

7.1 AI score
Exploits: 0
Vulnerability Lab
added 2015/09/04 12:0 a.m., 36 views

Shopify Bug Bounty #8 - (FilePath) Cross Site Vulnerability

Document Title: =============== Shopify Bug Bounty 8 - FilePath Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1592 Release Date: ============= 2015-09-04 Vulnerability Laboratory ID VL-ID: ====================================...

7.1 AI score
Exploits: 0
Vulnerability Lab
added 2015/09/03 12:0 a.m., 42 views

Shopify Bug Bounty #8 - (FilePath) Cross Site Vulnerability

Document Title: =============== Shopify Bug Bounty 8 - FilePath Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1592 Release Date: ============= 2015-09-03 Vulnerability Laboratory ID VL-ID: ====================================...

7.4 AI score
Exploits: 0
Packet Storm
added 2015/08/23 12:0 a.m., 27 views

UBNT Script Insertion

Document Title: =============== UBNT Bug Bounty 3 - Persistent Filename Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1467 Video: http://www.vulnerability-lab.com/getcontent.php?id=1468 Release Date: ============= 2015-08-11 Vulnerability...

7.4 AI score
Exploits: 0
Packet Storm
added 2015/02/17 12:0 a.m., 72 views

Ebay Magento Script Insertion

Document Title: =============== Ebay Inc Magento Bug Bounty 5 - Persistent Validation & Mail Encoding Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1226 eBay Inc. Bug Bounty Program ID: EIBBP-27288 Vulnerability Magazine:...

0.2 AI score
Exploits: 0