
9 matches found

EUVD
added 2026/05/27 2:23 p.m., 12 views

EUVD-2026-32523

Mattermost Plugins versions =1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...

CVSS 8, AI score 6, EPSS 0.00052
Exploits 0, References 1
NVD
added 2023/04/05 4:15 p.m., 10 views

CVE-2023-1758

Failure to Sanitize Special Elements into a Different Plane Special Element Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVSS 8.9, AI score 6.2, EPSS 0.00276
Exploits 1, References 2
Prion
added 2023/04/05 4:15 p.m., 12 views

Design/Logic Flaw

Failure to Sanitize Special Elements into a Different Plane Special Element Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVSS 6, AI score 5.4, EPSS 0.00276
Exploits 1, References 2, Affected Software 1
OSV
added 2023/01/16 4:15 p.m., 2 views

CVE-2022-3904

The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to Google Analytics...

CVSS 6.1, AI score 5.9, EPSS 0.36712
Exploits 3, References 1
OSV
added 2021/09/20 10:15 a.m., 1 views

CVE-2021-24613

The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed...

CVSS 4.8, AI score 5.8, EPSS 0.00206
Exploits 2, References 1
Veracode
added 2020/11/13 3:14 a.m., 12 views

Prototype Pollution

field is vulnerable to Prototype Pollution. Failure to sanitize the field in the levelUp function and moveUp function allows for injection of arbitrary properties into existing construct prototypes and modification of attributes such as __proto__, constructor and prototype...

CVSS 9.8, AI score 4, EPSS 0.02626
Exploits 1, References 3, Affected Software 1
Zero Day Initiative
added 2014/07/18 12:0 a.m., 30 views

Apple OS X Dock Service Sandbox Escape Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the OS X Dock. The...

CVSS 4.6, AI score 6.5, EPSS 0.00788
Exploits 0, References 1
0day.today
added 2010/12/20 12:0 a.m., 27 views

Inout Webmail Script Persistent XSS Vulnerability

Exploit for php platform in category web applications Name :inoutwebmail Persistent Xss Vulnerability Date : Dec,20 2010 Vendor Url :http://www.inoutscripts.com/ Author : Sid3^effects aKa HaRi Big hugs : Th3 RDX,Hananbutt, special thanks to : r0073r inj3ct0r.com,L0rd...

AI score 7.1
Exploits 0
Packet Storm
added 2010/09/01 12:0 a.m., 18 views

ArtGK Cross Site Scripting

===================================== Vulnerability ID: HTB22588 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinartgkcms1.html Product: ArtGK CMS Vendor: ArtGK http://artgk-cms.ru/ Vulnerable Version: 2009-08-28 16:00:00 and Probably Prior Versions Vendor Notification: 18 August 201...

AI score 0.2
Exploits 0