Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

152 matches found

RedhatCVE
RedhatCVEadded yesterday8 views

CVE-2026-50235

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...

6.1CVSS5.6AI score0.00029EPSS
Exploits2References1
NVD
NVDadded 2 days ago8 views

CVE-2026-50235

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...

6.1CVSS0.00029EPSS
Exploits2References2
Vulnrichment
Vulnrichmentadded 2 days ago3 views

CVE-2026-50235 Lyrion Music Server 9.2.0 Reflected XSS via search Parameters

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...

6.1CVSS5.6AI score0.00029EPSS
Exploits2References2
CVE
CVEadded 2 days ago12 views

CVE-2026-50235

Affected software: Lyrion Music Server 9.2.0. Vulnerability: reflected XSS in advanced search parameters that fail to sanitize user input before displaying it in search forms. Impact: can execute arbitrary JavaScript in users’ browsers and potentially steal session information. Exploitation/Detai...

6.1CVSS5.6AI score0.00029EPSS
Exploits2References2
Cvelist
Cvelistadded 2 days ago29 views

CVE-2026-50235 Lyrion Music Server 9.2.0 Reflected XSS via search Parameters

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...

6.1CVSS0.00029EPSS
Exploits2References2
CNNVD
CNNVDadded 2026/05/10 12:0 a.m.4 views

Moodle 跨站脚本漏洞

Moodle is an open-source e-learning software platform developed by Moodle, also known as a course management system, learning management system, or virtual learning environment. Version 4.0 of Moodle has a cross-site scripting vulnerability. This vulnerability stems from the search parameters...

6.1CVSS5.6AI score0.00146EPSS
Exploits1References1
OSV
OSVadded 2026/05/05 12:18 a.m.0 views

GHSA-XHJH-PMCV-23JW Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams

Vulnerability Disclosure: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams Summary The encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent'\x00'...

3.7CVSS5.9AI score0.00083EPSS
Exploits1References3
EUVD
EUVDadded 2026/05/05 12:18 a.m.0 views

EUVD-2026-25590

Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams...

3.7CVSS5.8AI score0.00083EPSS
Exploits1References2
NVD
NVDadded 2026/04/24 6:16 p.m.0 views

CVE-2026-42040

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent'\x00' correctly...

3.7CVSS0.00083EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/04/24 5:40 p.m.28 views

CVE-2026-42040 Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent'\x00' correctly...

3.7CVSS0.00083EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2026/04/17 12:0 a.m.2 views

PT-2026-33401

The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ip search', 'startdate', 'enddate', 'username search', and 'useremail search' parameters in all versions up to, and including, 1.15.40. This is due to the WDW FM Library::validate data method calling stripslashes...

4.9CVSS5.9AI score0.00019EPSS
Exploits0References9
CNNVD
CNNVDadded 2026/04/12 12:0 a.m.1 views

Newsbull SQL注入漏洞

Newsbull is a news website content management system developed by Gürkan Uzunca. Version 1.0.0 of Newsbull has a SQL injection vulnerability, which stems from insufficient input validation for the search parameters across multiple endpoints, potentially allowing SQL injection attacks...

7.1CVSS5.8AI score0.00012EPSS
Exploits1References4
CNNVD
CNNVDadded 2026/04/07 12:0 a.m.3 views

ChurchCRM 安全漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained security vulnerabilities. These vulnerabilities stemmed from uncleaned or improperly encoded dashboard search parameters, which could lead to cross-site scripting attacks...

8.6CVSS5.6AI score0.00054EPSS
Exploits1References1
NVD
NVDadded 2026/02/01 1:15 p.m.3 views

CVE-2021-47920

WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external...

5.4CVSS0.00019EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/02/01 12:15 p.m.3 views

CVE-2021-47920 WebMO Job Manager 20.0 Cross-Site Scripting via Search Parameters

WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external...

5.4CVSS5.1AI score0.00019EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/02/01 12:15 p.m.3 views

CVE-2021-47920

WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external...

5.4CVSS5.9AI score0.00019EPSS
Exploits0References3Affected Software1
CVE
CVEadded 2026/02/01 12:15 p.m.8 views

CVE-2021-47920

CVE-2021-47920 affects WebMO Job Manager 20.0. The vulnerability is a cross-site scripting flaw in search parameters, exploitable through the filterSearch and filterSearchType fields, enabling remote attackers to inject script code. Described impacts include non-persistent attacks such as session...

5.4CVSS5.9AI score0.00019EPSS
Exploits0References3
EUVD
EUVDadded 2026/02/01 12:15 p.m.7 views

EUVD-2021-34751

WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external...

5.4CVSS5.9AI score0.00019EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/02/01 12:15 p.m.30 views

CVE-2021-47920 WebMO Job Manager 20.0 Cross-Site Scripting via Search Parameters

WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external...

5.4CVSS0.00019EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/02/01 12:0 a.m.6 views

PT-2026-5565

WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external...

5.4CVSS5.9AI score0.00019EPSS
Exploits0References4
Rows per page
Query Builder