
21 matches found

RedhatCVE
added 2026/01/27 3:20 a.m. · 3 views

CVE-2025-70368

Worklenz version 2.1.5 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a...

CVSS 5.4 · AI score 5.9 · EPSS 0.00016
Exploits: 2 · References: 1

NVD
added 2026/01/26 7:16 p.m. · 3 views

CVE-2025-70368

Worklenz version 2.1.5 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a...

CVSS 5.4 · EPSS 0.00016
Exploits: 2 · References: 2

Cvelist
added 2026/01/26 12:00 a.m. · 30 views

CVE-2025-70368

Worklenz version 2.1.5 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a...

EPSS 0.00016
Exploits: 2 · References: 2

EUVD
added 2026/01/26 12:00 a.m. · 3 views

EUVD-2025-206349

Worklenz version 2.1.5 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a...

CVSS 5.4 · AI score 5.9 · EPSS 0.00016
Exploits: 2 · References: 2

Vulnrichment
added 2026/01/26 12:00 a.m. · 3 views

CVE-2025-70368

Worklenz version 2.1.5 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a...

AI score 5.9 · EPSS 0.00016
Exploits: 2 · References: 2

Positive Technologies
added 2026/01/26 12:00 a.m. · 2 views

PT-2026-4804

Name of the Vulnerable Software and Affected Versions: Worklenz version 2.1.5. Description: Worklenz version 2.1.5 has a Stored Cross-Site Scripting (XSS) issue in the Project Updates feature. An attacker can inject a malicious payload into the Updates text field. This payload is then displayed in the...

CVSS 5.4 · AI score 5.7 · EPSS 0.00016
Exploits: 2 · References: 6

CVE
added 2026/01/26 12:00 a.m. · 6 views

CVE-2025-70368

CVE-2025-70368 affects Worklenz v2.1.5, with a Stored XSS in the Project Updates feature. The Updates text field renders unsanitized input in the reporting view, enabling malicious JavaScript execution in a user’s browser. Root cause: lack of input sanitization for stored payloads. Impact per av...

CVSS 5.4 · AI score 5.9 · EPSS 0.00016
Exploits: 2 · References: 2 · Affected Software: 1

CNNVD
added 2026/01/26 12:00 a.m. · 1 view

Worklenz security vulnerabilities

Worklenz is an open-source project management tool developed by Worklenz. Version 2.1.5 of Worklenz contains a security vulnerability that stems from improper input handling during project updates. This vulnerability may lead to stored cross-site scripting attacks...

CVSS 5.4 · AI score 5.6 · EPSS 0.00016
Exploits: 2 · References: 3

ATTACKERKB
added 2026/01/26 12:00 a.m. · 3 views

CVE-2025-70368

Worklenz version 2.1.5 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a...

CVSS 5.4 · AI score 5.9 · EPSS 0.00016
Exploits: 2 · References: 3

GithubExploit
added 2026/01/24 12:48 a.m. · 133 views

Exploit for CVE-2025-70368

CVE-2025-70368 Stored Cross-Site Scripting (XSS) in Project...

AI score 5.7 · EPSS 0.00016
Exploits: 2

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2023-39059

Malicious code in bioql PyPI...

CVSS 3.3 · AI score 6.6 · EPSS 0.00011
Exploits: 0 · References: 2

The Hacker News
added 2025/02/03 12:30 p.m. · 13 views

PyPI Introduces Archival Status to Alert Users About Unmaintained Python Packages

The maintainers of the Python Package Index (PyPI) registry have announced a new feature that allows package developers to archive a project as part of efforts to improve supply chain security. "Maintainers can now archive a project to let users know that the project is not expected to receive any...

AI score 7.5
Exploits: 0

Spring Engineering
added 2024/11/26 12:00 a.m. · 8 views

This Week in Spring - November 26th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! Happy Spring Boot 3.4 release month to those who celebrate! And, also, Happy Thanksgiving to those who celebrate! Spring Boot 3.4 brings with it long-anticipated updates to the entire...

AI score 7.1
Exploits: 0

OSV
added 2023/05/03 9:15 p.m. · 0 views

UBUNTU-CVE-2023-0485

An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for a project member demoted to a user role to read project updates by doing a diff wit...

CVSS 6.5 · AI score 5.7 · EPSS 0.02453
Exploits: 0 · References: 5

UbuntuCve
added 2023/05/03 9:15 p.m. · 27 views

CVE-2023-0485

An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for a project member demoted to a user role to read project updates by doing a diff wit...

CVSS 6.5 · AI score 6.5 · EPSS 0.02453
Exploits: 0 · References: 4

Debian CVE
added 2023/05/03 12:00 a.m. · 14 views

CVE-2023-0485

Removed by vendor...

CVSS 6.5 · AI score 6.6 · EPSS 0.02453
Exploits: 0

Vulnrichment
added 2023/05/03 12:00 a.m. · 5 views

CVE-2023-0485

An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for a project member demoted to a user role to read project updates by doing a diff wit...

CVSS 6.5 · AI score 6 · EPSS 0.02453
Exploits: 0 · References: 3

CVE
added 2023/05/03 12:00 a.m. · 71 views

CVE-2023-0485

GitLab CVE-2023-0485 affects GitLab versions 13.11–<15.8.5, 15.9–<15.9.4, and 15.10–

CVSS 6.5 · AI score 6.1 · EPSS 0.02453
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2023/05/03 12:00 a.m. · 1 view

PT-2023-16297 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 13.11 through 15.8.4; GitLab versions 15.9 through 15.9.3; GitLab versions 15.10 through 15.10.0. Description: An issue has been discovered in GitLab where a project member demoted to a user role could read project updates by doi...

CVSS 6.5 · AI score 6 · EPSS 0.02453
Exploits: 0 · References: 11

OSV
added 2023/05/03 12:00 a.m. · 25 views

CVE-2023-0485

An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for a project member demoted to a user role to read project updates by doing a diff wit...

CVSS 6.5 · AI score 6.6 · EPSS 0.02453
Exploits: 0 · References: 5