Lucene search
K

6 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/30 8:54 a.m.7 views

CVE-2026-6954

Cross-Site Scripting XSS vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victim’s browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'. This vulnerability can be...

5.1CVSS5.9AI score0.00366EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 8:54 a.m.29 views

CVE-2026-6954 Multiple vulnerabilities in Intermark IT's WebControl CMS

Cross-Site Scripting XSS vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victim’s browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'. This vulnerability can be...

5.1CVSS0.00366EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.15 views

PT-2026-39140

Name of the Vulnerable Software and Affected Versions Brave CMS versions prior to commit 6c56603 Description The contact form is publicly accessible without authentication. User-supplied message text is processed by the nl2br function, which converts newlines to tags but fails to escape HTML. Thi...

7.1CVSS5.9AI score0.00271EPSS
Exploits0References5
Malwarebytes
Malwarebytes
added 2026/03/03 12:10 p.m.9 views

Chrome flaw let extensions hijack Gemini’s camera, mic, and file access

Chrome’s Gemini “Live in Chrome” panel Gemini’s embedded, agent-style assistant mode within Chrome had a high‑severity vulnerability tracked as CVE‑2026‑0628. The flaw let a low‑privilege extension inject code into the Gemini side panel and inherit its powerful capabilities, including local file...

8.8CVSS6AI score0.06545EPSS
Exploits2
OSV
OSV
added 2025/12/31 11:20 p.m.11 views

CVE-2025-69412

KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API aka phishing API, which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration...

3.4CVSS6.8AI score0.00241EPSS
Exploits0References6
CVE
CVE
added 2025/12/31 11:20 p.m.260 views

CVE-2025-69412

KDE messagelib vulnerable before version 25.11.90 due to ignoring SSL errors for threatMatches:find in the Google Safe Browsing Lookup API, potentially allowing spoofed threat data. The issue is mitigated by updating to KDE messagelib 25.11.90 or applying the vendor security patch described in th...

3.4CVSS6.5AI score0.00241EPSS
Exploits0References4
Rows per page
Query Builder