Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

147 matches found

CNNVD
CNNVDadded 2026/04/23 12:0 a.m.4 views

WordPress plugin ExactMetrics 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.2CVSS6.3AI score0.00256EPSS
Exploits0References1
CVE
CVEadded 2026/03/19 7:41 p.m.8 views

CVE-2026-32119

CVE-2026-32119 affects OpenEMR up to version 8.0.0.1 (fixed in 8.0.0.2). The issue is a DOM-based stored XSS in the jQuery SearchHighlight plugin (library/js/SearchHighlight.js) where an authenticated user with encounter form write access can inject arbitrary JavaScript that executes in another c...

4.4CVSS5.9AI score0.00016EPSS
Exploits1References2Affected Software1
OSV
OSVadded 2026/03/19 7:41 p.m.3 views

CVE-2026-32119 OpenEMR has Stored DOM XSS via SearchHighlight text-node reconstruction on Custom Report page

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, DOM-based stored XSS in the jQuery SearchHighlight plugin library/js/SearchHighlight.js allows an authenticated user with encounter form write access to inject arbitrary...

4.4CVSS6AI score0.00016EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/03/19 7:41 p.m.1 views

CVE-2026-32119 OpenEMR has Stored DOM XSS via SearchHighlight text-node reconstruction on Custom Report page

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, DOM-based stored XSS in the jQuery SearchHighlight plugin library/js/SearchHighlight.js allows an authenticated user with encounter form write access to inject arbitrary...

4.4CVSS5.9AI score0.00016EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded 2026/03/09 1:59 p.m.3 views

CVE-2026-3738

A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit is publicly available...

6.5CVSS5.5AI score0.00048EPSS
Exploits1References1
EUVD
EUVDadded 2026/03/08 3:30 p.m.2 views

EUVD-2026-10241

A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit is publicly available...

6.5CVSS6.3AI score0.00048EPSS
Exploits1References6
OSV
OSVadded 2026/03/08 2:15 p.m.1 views

CVE-2026-3738

A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit is publicly available...

6.3CVSS5.4AI score0.00048EPSS
Exploits1References5
NVD
NVDadded 2026/03/08 2:15 p.m.4 views

CVE-2026-3738

A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit is publicly available...

6.5CVSS0.00048EPSS
Exploits1References5
CVE
CVEadded 2026/03/08 1:32 p.m.8 views

CVE-2026-3738

SourceCodester Pet Grooming Management Software 1.0 is affected, specifically the Financial Report Page component. The Red Hat, NVD and PT- Security entries converge on a flaw that enables improper/unauthenticated remote authorization bypass. Exploitation is publicly available, enabling remote ex...

6.5CVSS6.3AI score0.00048EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/08 1:32 p.m.1 views

CVE-2026-3738 SourceCodester Pet Grooming Management Software Financial Report improper authorization

A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit is publicly available...

6.5CVSS5.5AI score0.00048EPSS
Exploits1References5
Positive Technologies
Positive Technologiesadded 2026/03/08 12:0 a.m.4 views

PT-2026-23943

Name of the Vulnerable Software and Affected Versions SourceCodester Pet Grooming Management Software version 1.0 Description A flaw exists in the Financial Report Page component of the software that allows for improper authorization. This can be exploited remotely by an attacker. The exploit is...

6.5CVSS6.6AI score0.00048EPSS
Exploits1References12
RedhatCVE
RedhatCVEadded 2026/02/20 1:22 a.m.3 views

CVE-2026-2682

A vulnerability has been found in Tsinghua Unigroup Electronic Archives System up to 3.2.21080262532. Impacted is an unknown function of the file /mine/PublicReport/prinReport.html?token=java. Such manipulation of the argument comid leads to sql injection. The attack can be launched remotely. The...

9.8CVSS5.5AI score0.00014EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/01/19 4:17 p.m.5 views

CVE-2026-1124

A security flaw has been discovered in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/workreport.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the...

9.8CVSS5.4AI score0.00015EPSS
Exploits0References1
NVD
NVDadded 2026/01/18 4:15 p.m.4 views

CVE-2026-1124

A security flaw has been discovered in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/workreport.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the...

9.8CVSS0.00015EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/01/18 3:32 p.m.21 views

CVE-2026-1124 Yonyou KSOA HTTP GET Parameter work_report.jsp sql injection

A security flaw has been discovered in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/workreport.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the...

7.5CVSS0.00015EPSS
Exploits0References4
Cvelist
Cvelistadded 2025/10/30 9:55 p.m.7 views

CVE-2011-10040 Nagios XI < 2011R1.9 XSS via Status/Report Page Link Functions

Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting XSS via the link-handling functions used by status and report pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's...

5.1CVSS0.00478EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/10/30 9:55 p.m.3 views

CVE-2011-10040 Nagios XI < 2011R1.9 XSS via Status/Report Page Link Functions

Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting XSS via the link-handling functions used by status and report pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's...

5.1CVSS5.8AI score0.00478EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2025/10/10 4:20 p.m.2 views

CVE-2025-60000

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's...

6.1CVSS6.9AI score0.00035EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/10/10 4:20 p.m.1 views

CVE-2025-60001

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's...

6.1CVSS6.9AI score0.00035EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/10/10 4:20 p.m.3 views

CVE-2025-59988

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's...

6.1CVSS6.9AI score0.00035EPSS
Exploits0References1
Rows per page
Query Builder