
8 matches found

Cvelist
added 2026/02/19 2:58 p.m., 21 views

CVE-2025-71241 SPIP < 4.3.6 Cross-Site Scripting in Private Area

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting (XSS) in the private area. The content of the error message displayed by the 'transmettre' API is not properly sanitized, allowing an attacker to inject malicious scripts. This vulnerability is mitigated by the SPIP security screen...

CVSS 6.1, EPSS 0.00044
Exploits: 0, References: 3

RedhatCVE
added 2026/01/09 12:30 p.m., 4 views

CVE-2023-40819

ID4Portais in version V.2022.837.002a returns message parameter unsanitized in the response, resulting in a HTML Injection vulnerability...

CVSS 6.1, AI score 7.1, EPSS 0.00257
Exploits: 1, References: 1

Cvelist
added 2025/07/08 5:22 p.m., 7 views

CVE-2025-7362 MsUpload: Stored Cross-Site Scripting (XSS) via unsanitized msu-continue system message

The MsUpload extension for MediaWiki is vulnerable to stored XSS via the msu-continue system message, which is inserted into the DOM without proper sanitization. The vulnerability occurs in the file upload UI when the same filename is uploaded twice. This issue affects Mediawiki - MsUpload...

EPSS 0.00084
Exploits: 0, References: 2

ATTACKERKB
added 2024/08/06 2:16 p.m., 3 views

CVE-2023-40819

ID4Portais in version V.2022.837.002a returns message parameter unsanitized in the response, resulting in a HTML Injection vulnerability...

CVSS 6.1, AI score 5.8, EPSS 0.00257
Exploits: 1, References: 3

CVE
added 2024/08/06 12:0 a.m., 24 views

CVE-2023-40819

ID4Portais contains an HTML Injection vulnerability in versions prior to V.2022.837.002a, caused by the response returning an unsanitized message parameter. Affected product: ID4Portais. Root cause: unsanitized message parameter leading to HTML injection. Impact details are described across sourc...

CVSS 6.1, AI score 7.3, EPSS 0.00257
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2023/04/28 2:15 p.m., 3 views

CVE-2023-28475

Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3, is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized...

CVSS 6.1, AI score 6.3
Exploits: 0, References: 3

OSV
added 2021/06/28 3:15 p.m., 2 views

DEBIAN-CVE-2021-32718

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's name being rendered in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution in the...

CVSS 5.4, AI score 5.9, EPSS 0.00117
Exploits: 1, References: 1

OSV
added 2018/02/19 12:0 a.m., 0 views

UBUNTU-CVE-2018-7225

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets...

CVSS 9.8, AI score 6.8, EPSS 0.03304
Exploits: 1, References: 7