Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Drupal
Drupaladded 2025/09/24 12:0 a.m.5 views

Umami Analytics - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-109

This module enables you to add Umami Analytics web statistics tracking system to your website. The "administer umami analytics" permission allows inserting an arbitrary JavaScript file on every page. While this is an expected feature, the permission lacks the "restrict access" flag, which should...

3.8CVSS5.4AI score0.00032EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2023/10/06 12:0 a.m.3 views

PT-2023-29284 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS version 9.2.1 Description: The issue concerns multiple Cross Site Scripting XSS vulnerabilities that allow an attacker to execute arbitrary code via a crafted script. This can be done by exploiting the Header and Footer Tracking...

4.8CVSS5.7AI score0.00233EPSS
Exploits2References14
WPVulnDB
WPVulnDBadded 2022/04/21 12:0 a.m.25 views

VikBooking Hotel Booking Engine & PMS < 1.5.7 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS payloads in them via a CSRF attack PoC XSS will be triggered...

6.5CVSS1.9AI score0.00142EPSS
Exploits2Affected Software1
wpexploit
wpexploitadded 2022/04/21 12:0 a.m.385 views

VikBooking Hotel Booking Engine & PMS < 1.5.7 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS payloads in them via a CSRF attack XSS will be triggered in...

6.5CVSS0.8AI score0.00142EPSS
Exploits2
securityvulns
securityvulnsadded 2005/03/16 12:0 a.m.32 views

[SECURITYREASON.COM] phpAdsNew 2.0.4-pr1 Multiple vulnerabilities cXIb8O3.9

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 phpAdsNew 2.0.4-pr1 Multiple vulnerabilities cXIb8O3.9 Author: Maksymilian Arciemowicz cXIb8O3 Date: 13.3.2005 from securityreason.com TEAM - --- 0.Description --- phpAdsNew is an open-source ad server, with an integrated banner management interface a...

6.8AI score
Exploits0
exploitpack
exploitpackadded 2002/09/10 12:0 a.m.11 views

UDP Stress Tester - Denial of Service

UDP Stress Tester - Denial of Service include include include include include include include include include define shit "BLEAHD" timet elapsed; long sendcount = 0, kbs; void statsint signum kbs = sendcount6/time0-elapsed/1024; // i dont think this is right but... printf"\npid: %d, ran for %u...

0.4AI score
Exploits0
Rows per page
Query Builder