Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

EUVD
EUVDadded 2026/03/20 1:4 a.m.3 views

EUVD-2026-13429

ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an admin user to edit JSON type system settings to store a JavaScript payload that can execute when any admin views the system settings. The JSON input is left unescaped/unsanitized in SystemSettings.php, leading ...

6.4CVSS5.8AI score0.0032EPSS
Exploits1References1
Snyk
Snykadded 2026/02/18 10:44 p.m.3 views

Cross-site Scripting (XSS)

Overview fabric is an Object model for HTML5 canvas, and SVG-to-canvas parser. Backed by jsdom and node-canvas. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the loadFromJSON function, which is used in the FabricObjectSVGExportMixin class to deserialize...

7.6CVSS5.3AI score0.00281EPSS
Exploits1References2
Packet Storm
Packet Stormadded 2025/12/09 12:0 a.m.171 views

📄 Adobe Acrobat Chrome 1.41.100 Cross Site Scripting

Adobe Acrobat Chrome extension version 1.41.100 suffers from a cross site scripting vulnerability. ============================================================================================================================================= | Title : Adobe Acrobat Chrome V 1.41.100 Extension DOM...

6.3AI score
Exploits0
EUVD
EUVDadded 2025/10/07 12:30 a.m.4 views

EUVD-2019-0721

Malware in sbrugna...

9.8CVSS9.3AI score0.01228EPSS
Exploits1References5
RedhatCVE
RedhatCVEadded 2025/05/22 6:23 p.m.7 views

CVE-2021-24364

The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tiegetuserweather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting XSS vulnerability...

6.1CVSS5.9AI score0.01975EPSS
Exploits2References1
RedhatCVE
RedhatCVEadded 2025/05/22 4:20 a.m.7 views

CVE-2019-10749

sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect...

9.8CVSS7.9AI score0.01228EPSS
Exploits1References1
OSV
OSVadded 2025/01/30 2:15 p.m.3 views

CVE-2024-11600

The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.9 via the 'writeconfig' function. This is due to a lack of sanitization on an imported JSON file. This makes it...

7.2CVSS6.1AI score0.01277EPSS
Exploits0References4
OSV
OSVadded 2022/07/14 1:15 p.m.2 views

CVE-2022-28375

Verizon 5G Home LVSKIHP OutDoorUnit ODU 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/rpc.lua to...

9.8CVSS6.4AI score
Exploits0References2
OSV
OSVadded 2019/11/06 5:11 p.m.4 views

GHSA-J9XP-92VC-559J SQL Injection in sequelize

Affected versions of sequelize are vulnerable to SQL Injection. The package fails to sanitize JSON path keys in the MariaDB and MySQL dialects, which may allow attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation If you are using sequelize 5.x, upgrade to version...

9.8CVSS7.5AI score0.01315EPSS
Exploits1References5
Rows per page
Query Builder