7 matches found

Cvelist
added 2026/05/07 6:5 p.m., 25 views

CVE-2026-41904 FreeScout Stored XSS vulnerability in mailbox auto-reply: payload reaches every customer's email client (no CSP), bypassing strip_tags validator with mixed text+HTML content

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who...

CVSS 7.6, EPSS 0.00033
Exploits: 0, References: 2

Tenable Nessus
added 2025/11/20 12:0 a.m., 3 views

TencentOS Server 4: iputils (TSSA-2025:0381)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0381 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 6.5, AI score 6.5, EPSS 0.00508
Exploits: 1, References: 2

Vulnrichment
added 2023/01/13 6:3 p.m., 5 views

CVE-2023-22489 Flarum is missing authorization in discussion replies

Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that...

CVSS 3.5, AI score 4.1, EPSS 0.00299
Exploits: 0, References: 3

CNNVD
added 2022/01/10 12:0 a.m., 2 views

dnslib security vulnerability

dnslib is an open source Python library for encoding/decoding DNS wired format packets. A security vulnerability exists in dnslib that stems from the fact that the dnslib package does not verify that the ID value in a DNS reply matches the ID value in a query...

CVSS 7.5, AI score 6.5, EPSS 0.0032
Exploits: 0, References: 2

Vulnrichment
added 2021/11/16 9:45 a.m., 6 views

CVE-2021-25984 FactorJS - Stored Cross-Site Scripting (XSS) in Post Reply Functionality

The Factor App Framework & Headless CMS forum plugin, versions v1.3.3 to v1.8.30, is vulnerable to stored Cross-Site Scripting (XSS) in the “post reply” section. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies...

CVSS 6.1, AI score 5.9, EPSS 0.01511
Exploits: 0, References: 2

NVD
added 2018/05/17 7:29 p.m., 10 views

CVE-2018-11101

Open Whisper Signal aka Signal-Desktop through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. The attacker needs to send HTML code directly as a...

CVSS 6.1, AI score 6.1, EPSS 0.00428
Exploits: 1, References: 1

Exploit DB
added 2003/01/30 12:0 a.m., 32 views

BitchX 1.0 - 'RPL_NAMREPLY' Denial of Service

// source: https://www.securityfocus.com/bid/6880/info It has been reported that BitchX does not properly handle some types of replies contained in the RPL_NAMREPLY numeric. When a malformed reply is received by the client, the client crashes, resulting in a denial of service. / bitchx-353.c --arg...

AI score 7.4
Exploits: 0