Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

NVD
NVDadded 2026/04/13 9:16 p.m.1 views

CVE-2025-70936

Vtiger CRM 8.4.0 contains a reflected cross-site scripting XSS vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...

5.4CVSS0.00034EPSS
Exploits0References2
NVD
NVDadded 2026/04/02 9:16 p.m.0 views

CVE-2026-30251

A reflected cross-site scripting XSS vulnerability in the loginnewpwd.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted URL injected into the codiceazienda parameter...

6.1CVSS0.00012EPSS
Exploits0References1
CVE
CVEadded 2025/12/30 10:42 p.m.4 views

CVE-2022-50802

ETAP Safety Manager 1.0.0.32 is affected by an unauthenticated reflected XSS in the 'action' GET parameter. The vulnerability allows injection of HTML/JavaScript to execute in victims’ browsers, potentially leaking credentials or enabling unauthorized actions. The issue is documented across multi...

6.1CVSS6.2AI score0.00102EPSS
Exploits1References6Affected Software1
Debian CVE
Debian CVEadded 2025/09/29 9:26 a.m.5 views

CVE-2025-11146

Reflected Cross-site scripting XSS in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts XSS in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in “/acng-report.html”...

5.4CVSS5.3AI score0.00024EPSS
Exploits0
Positive Technologies
Positive Technologiesadded 2024/10/03 12:0 a.m.7 views

PT-2024-39581 · WordPress · The Product Delivery Date For Woocommerce – Lite

Name of the Vulnerable Software and Affected Versions: The Product Delivery Date for WooCommerce – Lite plugin for WordPress versions up to, and including, 2.7.3 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the...

6.1CVSS6.7AI score0.01684EPSS
Exploits0References9
OSV
OSVadded 2023/10/31 2:15 p.m.0 views

CVE-2023-5211

The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escape the 'id' parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability...

6.1CVSS7.3AI score
Exploits0References1
OSV
OSVadded 2023/08/30 2:15 p.m.0 views

CVE-2023-34175

Unauth. Reflected Cross-Site Scripting XSS vulnerability in GrandSlambert Login Configurator plugin = 2.1 versions...

6.1CVSS7.3AI score0.00088EPSS
Exploits0References1
OSV
OSVadded 2022/05/20 1:15 p.m.0 views

CVE-2022-29876

A vulnerability has been identified in SICAM T All versions V3.0. Affected devices do not properly handle the input of a GET request parameter. The provided argument is directly reflected in the web server response. This could allow an unauthenticated attacker to perform reflected XSS attacks...

7.1CVSS7.2AI score
Exploits0References3
Rows per page
Query Builder