Lucene search
K

20086 matches found

SUSE CVE
SUSE CVE
added 2026/05/08 2:26 a.m.8 views

SUSE CVE-2026-7953

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via malicious network traffic. Chromium security severity: Medium...

6.1CVSS5.9AI score0.00171EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:26 a.m.7 views

SUSE CVE-2026-7958

Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML UXSS via a crafted Chrome Extension. Chromium security severity: Medium...

5.4CVSS5.9AI score0.00142EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:25 a.m.6 views

SUSE CVE-2026-8021

Script injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

4.2CVSS5.9AI score0.00155EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.12 views

PT-2026-38905

Name of the Vulnerable Software and Affected Versions E2Pdf – Export Pdf Tool for WordPress versions prior to 1.32.18 Description The E2Pdf – Export Pdf Tool for WordPress plugin allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts. This occurs du...

6.4CVSS6AI score0.00244EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/07 6:43 p.m.35 views

CVE-2026-41653 BentoPDF: Stored XSS via Markdown Editor Leading to Persistent File Exfiltration

BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPD. An attacker may be able to execute arbitrary JavaScript in certain circumstances in Markdown to PDF Tool. This issue has been patched in version 2.8...

7CVSS0.00356EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 6:5 p.m.6 views

CVE-2026-41904

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who...

7.6CVSS5.7AI score0.00171EPSS
Exploits0References3Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/05/07 2:0 p.m.8 views

Chromium: CVE-2026-8021 Script injection in UI

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

4.2CVSS5.8AI score0.00155EPSS
Exploits0
CVE
CVE
added 2026/05/07 12:0 a.m.13 views

CVE-2026-36388

PHPGurukal Hospital Management System v4.0 contains a stored XSS flaw in /hospital/hms/edit-profile.php. An authenticated patient can inject a script via the User Name field, which is stored and later rendered in the doctor interface. The vulnerability is caused by unsanitized input being stored ...

5.4CVSS5.7AI score0.00138EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/06 9:31 p.m.5 views

EUVD-2026-27985

Insufficient validation of untrusted input in Mobile in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to inject arbitrary scripts or HTML UXSS via a crafted Chrome Extension. Chromium security severity: Medium...

4.4CVSS5.9AI score0.00112EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/06 9:31 p.m.7 views

EUVD-2026-27981

Inappropriate implementation in SanitizerAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

5.4CVSS6AI score0.00165EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/06 9:31 p.m.9 views

EUVD-2026-28019

Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML UXSS via a crafted Chrome Extension. Chromium security severity: Medium...

5.4CVSS5.9AI score0.00142EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/06 8:57 p.m.11 views

Magento LTS: Reflected XSS - Import -> Data Flow (profiles)

A reflected XSS vulnerability was found under admin panel - System - Import/Export - Dataflow - Profiles. Steps to produce + Login to the admin panel + Go to the path System - Import/Export - Dataflow - Profiles + Select profile direction as Import. + Click on Import Customers + Upload the file...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/06 8:18 p.m.10 views

Cross-site Scripting (XSS)

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Cross-site Scripting XSS in the FAQ creation and update process. An attacker can execute arbitrary JavaScript in the browsers of users who view maliciou...

5.4CVSS5.8AI score0.00153EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 8:18 p.m.8 views

Cross-site Scripting (XSS)

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Cross-site Scripting XSS in the FAQ creation and update process. An attacker can execute arbitrary JavaScript in the browsers of users who view maliciou...

5.4CVSS5.8AI score0.00153EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 8:16 p.m.29 views

CVE-2026-40171

In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...

8.4CVSS0.00476EPSS
Exploits0References1
NVD
NVD
added 2026/05/06 7:16 p.m.5 views

CVE-2026-8021

Script injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

4.2CVSS0.00155EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 7:16 p.m.8 views

CVE-2026-7958

Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML UXSS via a crafted Chrome Extension. Chromium security severity: Medium...

5.4CVSS0.00142EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 7:16 p.m.4 views

CVE-2026-7953

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via malicious network traffic. Chromium security severity: Medium...

6.1CVSS0.00171EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 7:16 p.m.9 views

CVE-2026-7941

Insufficient validation of untrusted input in Mobile in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to inject arbitrary scripts or HTML UXSS via a crafted Chrome Extension. Chromium security severity: Medium...

4.4CVSS0.00112EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 7:16 p.m.6 views

CVE-2026-7939

Inappropriate implementation in SanitizerAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

5.4CVSS0.00165EPSS
Exploits0References2
Rows per page
Query Builder