Lucene search
K

26092 matches found

NVD
NVD
added yesterday3 views

CVE-2026-40957

o CVE-2026-40957 is a frameable content vulnerability in the Secure Access server login page prior to 14.55. Attackers with control of a malicious web site could use it to potentially steal credentials from an unwary administrator...

6.1CVSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-40957

CVE-2026-40957 is a frameable content vulnerability in the Secure Access server login page prior to 14.55. The flaw allows an attacker who controls a malicious website to potentially steal credentials from an unwary administrator. According to the provided metrics, the CVSSv4 base score is 6.1 (M...

6.1CVSS6AI score
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-14961

Pegatron Tdelo64.sys exposes a privileged device interface, \.\TdeIo, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate caller privileges or verify user-supplied kernel memory addresses before performing memory operations. By...

6.2CVSS
Exploits1References1
EUVD
EUVD
added yesterday3 views

EUVD-2026-44731

Pegatron Tdelo64.sys exposes a privileged device interface, \.\TdeIo, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate caller privileges or verify user-supplied kernel memory addresses before performing memory operations. By...

6.2CVSS6.2AI score
Exploits1References1
CVE
CVE
added yesterday5 views

CVE-2026-45150

Zen Browser is a Firefox-based browser. The CVE-2026-45150 issue affects Zen prior to version 1.19.13b, where there was no persistent, clearly visible security notification when a page entered fullscreen. This could allow an attacker-controlled page to hide the real browser UI and origin informat...

6.3CVSS6.1AI score0.00027EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday8 views

CVE-2026-45150 Zen Browser - Missing Fullscreen Security Notification Allows Origin Spoofing

Zen is a firefox-based browser. Prior to 1.19.13b, Zen Browser did not provide a persistent, clearly visible security notification when a webpage entered fullscreen mode, allowing an attacker-controlled page to hide the real browser UI and origin information, imitate a trusted website UI, and...

6.3CVSS0.00027EPSS
Exploits0References1
EUVD
EUVD
added yesterday3 views

EUVD-2026-44703

Zen is a firefox-based browser. Prior to 1.19.13b, Zen Browser did not provide a persistent, clearly visible security notification when a webpage entered fullscreen mode, allowing an attacker-controlled page to hide the real browser UI and origin information, imitate a trusted website UI, and...

6.3CVSS6.1AI score0.00027EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-56398

Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs...

8.5CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday7 views

CVE-2026-56398 Open WebUI - Stored Cross-Site Scripting via OAuth Picture Claim SVG Data URI

Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs...

8.5CVSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-44628

Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs...

8.5CVSS6.2AI score
Exploits0References2
Nuclei
Nuclei
added yesterday42 views

Agentejo Cockpit 0.10.2 - Cross-Site Scripting

Agentejo Cockpit 0.10.2 contains a reflected cross-site scripting vulnerability due to insufficient sanitization of the to parameter in the /auth/login route, which allows for injection of arbitrary JavaScript code into a web page's content. id: CVE-2020-14408 info: name: Agentejo Cockpit 0.10.2 ...

6.1CVSS6.5AI score0.03003EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday90 views

WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting

WordPress MF Gig Calendar plugin 1.1 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize or escape the id GET parameter before outputting back in the admin dashboard when editing an event. id: CVE-2021-24510 info: name: WordPress MF Gig Calendar =1.2 which...

6.1CVSS6.4AI score0.02721EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday103 views

Ghost CMS <=4.32 - Cross-Site Scripting

Ghost CMS 4.0.0 to 4.3.2 contains a DOM cross-site scripting vulnerability. An unused endpoint added during the development of 4.0.0 allows attackers to gain access by getting logged-in users to click a link containing malicious code. id: CVE-2021-29484 info: name: Ghost CMS =4.32 - Cross-Site...

6.8CVSS6.6AI score0.07935EPSS
Exploits1References7
Nuclei
Nuclei
added yesterday72 views

Redwood Report2Web 4.3.4.5 & 4.5.3 - Cross-Site Scripting

Redwood Report2Web 4.3.4.5 and 4.5.3 contains a cross-site scripting vulnerability in the login panel which allows remote attackers to inject JavaScript via the signIn.do urll parameter. id: CVE-2021-26710 info: name: Redwood Report2Web 4.3.4.5 & 4.5.3 - Cross-Site Scripting author: pikpikcu...

6.1CVSS6.4AI score0.075EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday35 views

MaxSite CMS > V106 - Cross-Site Scripting

A reflected cross-site scripting vulnerability in MaxSite CMS before V106 via product/page/ allows remote attackers to inject arbitrary web script to a page." id: CVE-2021-35265 info: name: MaxSite CMS V106 - Cross-Site Scripting author: pikpikcu severity: medium description: | A reflected...

6.1CVSS6.5AI score0.03436EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday35 views

WordPress Post Grid <2.1.8 - Cross-Site Scripting

WordPress Post Grid plugin before 2.1.8 contains a reflected cross-site scripting vulnerability. The slider import search feature and tab parameter of thesettings are not properly sanitized before being output back in the pages, id: CVE-2021-24488 info: name: WordPress Post Grid 2.1.8 - Cross-Sit...

6.1CVSS6.4AI score0.11241EPSS
Exploits5References4
Nuclei
Nuclei
added yesterday26 views

Spotweb <= 1.5.1 - Cross Site Scripting

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter. id: CVE-2021-40971 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat...

6.1CVSS6.5AI score0.02204EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday13 views

KevinLAB BEMS 1.0 - SQL Injection

KevinLAB BEMS 1.0 contains a SQL injection vulnerability. Input passed through inputid POST parameter in /http/index.php is not properly sanitized before being returned to the user or used in SQL queries. An attacker can possibly obtain sensitive information from a database, modify data, and...

9.8CVSS7.1AI score0.08146EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday56 views

Admidio - Cross-Site Scripting

A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The reflected cross-site scripting vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious...

8.8CVSS6.4AI score0.05784EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday163 views

UpdraftPlus < 1.22.9 - Cross-Site Scripting

The plugin does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting XSS vulnerability. id: CVE-2022-0864 info: name: UpdraftPlus 1.22.9 - Cross-Site Scripting author: DhiyaneshDk severity: medium description...

6.1CVSS6.4AI score0.07355EPSS
Exploits4References4
Rows per page
Query Builder