Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1123374 matches found

Github Security Blog
Github Security Blogadded 2 days ago18 views

Shopper: Multiple data integrity and disclosure issues in admin Livewire components

Impact Three related defects on admin Livewire components allowed data tampering, sensitive data disclosure, and stored XSS: - IDOR via unlocked properties. Several Livewire components in the admin panel exposed Eloquent model identifiers as public properties without the Locked attribute. An...

5.6AI score
Exploits0References3Affected Software1
OSV
OSVadded 2 days ago6 views

GHSA-HR9V-R8R2-HG7J Shopper: Multiple data integrity and disclosure issues in admin Livewire components

Impact Three related defects on admin Livewire components allowed data tampering, sensitive data disclosure, and stored XSS: - IDOR via unlocked properties. Several Livewire components in the admin panel exposed Eloquent model identifiers as public properties without the Locked attribute. An...

8.7CVSS5.6AI score
Exploits0References3
Github Security Blog
Github Security Blogadded 2 days ago10 views

TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection

Impact Stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce- attributes, which are executed when content is rendered. Impacts users of TinyMCE with the media plugin enabled. Patches This vulnerability has been patched in TinyMCE 8.5.1, TinyMCE...

8.7CVSS5.3AI score0.00032EPSS
Exploits0References5Affected Software2
OSV
OSVadded 2 days ago4 views

GHSA-VG35-5WQ7-3X7W TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection

Impact Stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce- attributes, which are executed when content is rendered. Impacts users of TinyMCE with the media plugin enabled. Patches This vulnerability has been patched in TinyMCE 8.5.1, TinyMCE...

8.7CVSS5.3AI score0.00032EPSS
Exploits0References5
Github Security Blog
Github Security Blogadded 2 days ago13 views

TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments

Impact Stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. Patches Patched by validating decoded mce:protected content against configured protect...

8.7CVSS5.5AI score0.00032EPSS
Exploits0References5Affected Software2
OSV
OSVadded 2 days ago4 views

GHSA-V98H-VMPC-FPQV TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments

Impact Stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. Patches Patched by validating decoded mce:protected content against configured protect...

8.7CVSS5.5AI score0.00032EPSS
Exploits0References5
OSV
OSVadded 2 days ago3 views

GHSA-Q742-QVGC-GC2F TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes

Impact Stored XSS vulnerability via unsanitized data-mce- attributes data-mce-href, data-mce-src, data-mce-style. Allows attackers to inject malicious values that override safe attributes during serialization, bypassing validation. Patches Patched by stripping unsafe data-mce- attributes during...

8.7CVSS5.4AI score0.00032EPSS
Exploits0References5
Github Security Blog
Github Security Blogadded 2 days ago10 views

TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes

Impact Stored XSS vulnerability via unsanitized data-mce- attributes data-mce-href, data-mce-src, data-mce-style. Allows attackers to inject malicious values that override safe attributes during serialization, bypassing validation. Patches Patched by stripping unsafe data-mce- attributes during...

8.7CVSS5.4AI score0.00032EPSS
Exploits0References5Affected Software2
EUVD
EUVDadded 2 days ago9 views

EUVD-2026-32921

TinyMCE Cross-Site Scripting XSS vulnerability using through data-mce- prefixed src, href, style attributes...

8.7CVSS5.4AI score0.00032EPSS
Exploits0References4
NVD
NVDadded 2 days ago8 views

CVE-2026-25624

An administrative cross-site scripting XSS vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processin...

5.8CVSS0.00037EPSS
Exploits0References1
Github Security Blog
Github Security Blogadded 2 days ago8 views

TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs

Impact TinyMCE 6.8.x contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. Patches This issue affects TinyMCE 6.8.x-7.0.x. The vulnerability is fix...

8.7CVSS5.8AI score0.00033EPSS
Exploits0References3Affected Software2
EUVD
EUVDadded 2 days ago11 views

EUVD-2026-32920

TinyMCE Cross-Site Scripting XSS vulnerability using sanitization bypass through nested SVGs...

8.7CVSS5.4AI score0.00033EPSS
Exploits0References2
OSV
OSVadded 2 days ago4 views

GHSA-MH5M-5HW4-5C69 TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs

Impact TinyMCE 6.8.x contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. Patches This issue affects TinyMCE 6.8.x-7.0.x. The vulnerability is fix...

8.7CVSS5.8AI score0.00033EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2 days ago6 views

CVE-2023-42343

A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type...

6.1CVSS5.4AI score0.00194EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2 days ago5 views

CVE-2023-42345

A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp...

6.1CVSS5.4AI score0.00074EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2 days ago7 views

CVE-2026-36460

Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding...

5.5AI score0.00018EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2 days ago6 views

CVE-2025-61308

A reflected cross-site scripted XSS vulnerability in the dfm-menumaintenance.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

6.1CVSS5.7AI score0.00031EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2 days ago6 views

CVE-2025-61313

A reflected cross-site scripted XSS vulnerability in the dfm-menumarkeralerts.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

7.3CVSS5.7AI score0.00031EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2 days ago6 views

CVE-2025-61311

A reflected cross-site scripted XSS vulnerability in the dfm-menualerts.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

7.3CVSS5.7AI score0.00031EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2 days ago7 views

CVE-2025-61872

Mahara before 25.04.2 and 24.04.11 are vulnerable to displaying results that can trigger XSS via a malicious search query string. This occurs in the 'search site' feature when using the Elasticsearch7 search plugin. The Elasticsearch function does not properly sanitize input in the query paramete...

6.1CVSS5.5AI score0.00034EPSS
Exploits0References1
Rows per page
Query Builder