
6 matches found

Snyk
added 2026/05/29 2:7 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: @haxtheweb/haxcms-nodejs is a HAXcms nodejs backend. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the saveNode endpoint due to insufficient sanitization of the node.body parameter, allowing event handler attributes without whitespace to bypass the HTML...

CVSS 8.7 · AI score 5.4 · EPSS 0.00228
Exploits 0 · References 2
Positive Technologies
added 2025/09/09 12:0 a.m. · 4 views

PT-2025-36750

Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.9; Ivanti Policy Secure versions prior to 22.7R1.6; Ivanti ZTA Gateway versions prior to 2.8R2.3-723; Ivanti Neurons for Secure Access versions prior to 22.8R1.4. Description: A Cross-Site Request...

CVSS 8.8 · AI score 6.5 · EPSS 0.00565
Exploits 0 · References 5
Positive Technologies
added 2023/06/07 12:0 a.m. · 2 views

PT-2023-19580 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.11 through 15.11.6; GitLab CE/EE versions 16.0 through 16.0.1. Description: An issue has been discovered in GitLab CE/EE where a specially crafted merge request could lead to a stored XSS on the client side. This allows...

CVSS 8.7 · AI score 5.7 · EPSS 0.96058
Exploits 0 · References 12
ATTACKERKB
added 2022/10/03 12:0 a.m. · 5 views

CVE-2022-22503

IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks agains...

CVSS 6.1 · AI score 6.4 · EPSS 0.00556
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2022/02/04 12:0 a.m. · 2 views

The vulnerability of the GNU Mailman email distribution management package lies in its insufficient verification of the HTTP request source, allowing attackers to execute attacks by manipulating inter-site requests.

The vulnerability of the GNU Mailman email distribution management package lies in insufficient validation of the HTTP request source. Exploiting this vulnerability could allow a malicious actor to trick the victim into visiting a specially crafted web page and performing arbitrary actions on...

CVSS 6.4 · AI score 7.7 · EPSS 0.0073
Exploits 0 · References 4 · Affected Software 1
OSV
added 2021/01/27 5:15 p.m. · 1 views

CVE-2020-4547

IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the...

CVSS 5.4 · AI score 6.1 · EPSS 0.00821
Exploits 0 · References 2