Lucene search
K

85 matches found

CVE
CVE
added 2026/06/23 4:14 p.m.10 views

CVE-2026-44960

Vulnerability summary (CVE-2026-44960) : A stored XSS exists in Revive Adserver where malicious content placed in the username could be executed when an admin views audit log details, due to missing output sanitisation. The issue is triggered by usernames being displayed in the audit log details ...

5.7AI score0.00339EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 7:17 p.m.9 views

CVE-2026-10045

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...

9.8CVSS0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.13 views

CVE-2026-23758

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subject field that allows authenticated staff members to inject malicious JavaScript by manipulating the editsubject POST parameter. Attackers can inject XSS payloads through inadequate sanitization in...

6.4CVSS5.6AI score0.00153EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 12:9 a.m.8 views

CVE-2025-67448

The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS messages before storing and displaying them. An attacker can send an SMS containing a malicious XSS payload, which will be executed in the...

7.1CVSS5.8AI score0.00196EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/15 4:47 p.m.12 views

CVE-2026-45036 Tabby auto-confirms ZMODEM detection on terminal output, leading to shell command execution from displayed file content under fish, bash, and zsh

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...

7CVSS6.2AI score0.0013EPSS
Exploits0References1
Veracode
Veracode
added 2026/04/18 5:38 a.m.13 views

Cross-site Scripting (XSS)

Decidim is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of user input in the user name field, which allows an attacker to inject and execute arbitrary code when other users view affected pages...

9.3CVSS5.8AI score0.00356EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.9 views

PT-2026-26204

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.14 and 6.7.0, a stored XSS vulnerability in SVG asset reuploads allows authenticated users with asset upload permissions to bypass SVG sanitization and inject malicious JavaScript that executes when the...

8.7CVSS5.7AI score0.00325EPSS
Exploits0References7
CVE
CVE
added 2026/02/03 11:33 a.m.13 views

CVE-2025-11598

The CVE-2025-11598 entry describes a vulnerability in the mObywatel iOS app where an unauthorized user can use the App Switcher to view the account owner’s personal information in the minimized app window after the login session has ended. The data exposed depends on the last application view sho...

1CVSS5.4AI score0.00151EPSS
Exploits0References2
NVD
NVD
added 2026/01/26 6:16 p.m.6 views

CVE-2020-36960

Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like 'alertdocument.cookie' to execute arbitrary JavaScript when the profile is viewed by other users...

6.4CVSS0.00195EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/26 5:43 p.m.4 views

EUVD-2020-30854

Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like 'alertdocument.cookie' to execute arbitrary JavaScript when the profile is viewed by other users...

6.4CVSS6AI score0.00195EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/29 12:0 a.m.4 views

PT-2025-53766

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The software is susceptible to a cross-site scripting XSS issue due to improper input neutralization during web page generation. This allows for the injection o...

4.8CVSS6AI score0.00145EPSS
Exploits0References4
OSV
OSV
added 2025/12/16 7:15 p.m.3 views

CVE-2025-65592

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages...

6.1CVSS6AI score
Exploits0References3
EUVD
EUVD
added 2025/11/25 6:32 p.m.12 views

EUVD-2025-199600

A stored cross-site scripting XSS vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the...

4.8CVSS5.2AI score0.00264EPSS
Exploits2References4
CVE
CVE
added 2025/10/03 8:35 p.m.11 views

CVE-2025-10696

CVE-2025-10696 affects OpenSupports 4.11.0. An endpoint allows editing the list of 'supervised users' for any account without verifying ownership, enabling a Level 1 staff member to modify the supervision relationship of a target user. This can let the target view tickets belonging to the added s...

7.1CVSS6.4AI score0.00203EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-22173

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00646EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-52746

Malicious code in bioql PyPI...

7.1CVSS6.3AI score0.00833EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-38151

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.00768EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-51745

Malicious code in bioql PyPI...

5.9CVSS6.2AI score0.00418EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-46137

Malicious code in bioql PyPI...

7.1CVSS8.7AI score0.0032EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/15 12:0 a.m.5 views

PT-2025-37788

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.7 iPadOS versions prior to 18.7 iOS 26 iPadOS 26 Description: The issue was addressed with improved handling of caches. An attacker with physical access to an unlocked device may be able to view an image in the most...

4CVSS5.5AI score0.00211EPSS
Exploits0References8
Rows per page
Query Builder