Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8738 matches found

IBM Security Bulletins
IBM Security Bulletinsadded 2026/03/03 3:14 p.m.5 views

Security Bulletin: IBM Maximo Application suite Visual Inspection Component uses pytorch v2.8.0 which is vulnerable to multiple CVEs CVE-2025-55552, CVE-2025-55551, CVE-2025-3001.

Summary IBM Maximo Application suite Visual Inspection Component uses pytorch v2.8.0 which is vulnerable to multiple CVEs CVE-2025-55552, CVE-2025-55551, CVE-2025-3001.This Bulletine contains information of the vulerable product version and it's remediation. Vulnerability Details...

7.5CVSS5.3AI score0.00382EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVEadded 2026/03/02 1:43 p.m.3 views

CVE-2026-28338

PMD is an extensible multilanguage static code analyzer. Prior to version 7.22.0, PMD's vbhtml and yahtml report formats insert rule violation messages into HTML output without escaping. When PMD analyzes untrusted source code containing crafted string literals, the generated HTML report contains...

6.8CVSS6AI score0.00297EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/03/02 1:39 p.m.4 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses transformers-4.57.3-py3-none-any.whl which is vulnerable to CVE-2025-14920, CVE-2025-14921, CVE-2025-14924, CVE-2025-14926, CVE-2025-14927, CVE-2025-14928, CVE-2025-14929.

Summary IBM Maximo Application Suite - Visual Inspection component uses transformers-4.57.3-py3-none-any.whl which is vulnerable to CVE-2025-14920, CVE-2025-14921, CVE-2025-14924, CVE-2025-14926, CVE-2025-14927, CVE-2025-14928, CVE-2025-14929.This bulletin contains information regarding the...

7.8CVSS6.3AI score0.00315EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/03/02 1:35 p.m.3 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses PyTorch 2.6.0 which is vulnerable to CVE-2025-2998, CVE-2025-2999, CVE-2025-55552,CVE-2025-63396,CVE-2025-55551

Summary IBM Maximo Application Suite - Visual Inspection component uses PyTorch 2.6.0 which is vulnerable to CVE-2025-2998, CVE-2025-2999, CVE-2025-55552,CVE-2025-63396,CVE-2025-55551. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details...

7.5CVSS5.6AI score0.00382EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/03/02 9:20 a.m.9 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-66221

Summary IBM Maximo Application Suite - Visual Inspection component uses werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-66221. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-66221 DESCRIPTION: Werkzeug is a...

6.3CVSS6.5AI score0.00466EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linuxadded 2026/03/02 5:58 a.m.4 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

10CVSS6AI score0.00622EPSS
Exploits0References39
Github Security Blog
Github Security Blogadded 2026/02/28 2:49 a.m.8 views

PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages

Summary PMD's vbhtml and yahtml report formats insert rule violation messages into HTML output without escaping. When PMD analyzes untrusted source code containing crafted string literals, the generated HTML report contains executable JavaScript that runs when opened in a browser. While the defau...

6.8CVSS5.9AI score0.00297EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVEadded 2026/02/28 1:54 a.m.4 views

CVE-2026-26862

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting XSS via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...

8.3CVSS5.9AI score0.00366EPSS
Exploits1References1
EUVD
EUVDadded 2026/02/27 6:31 p.m.4 views

EUVD-2026-9039

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting XSS via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...

8.3CVSS5.9AI score0.00366EPSS
Exploits1References4
Github Security Blog
Github Security Blogadded 2026/02/27 6:31 p.m.9 views

CleverTap Web SDK is vulnerable to DOM-based Cross-Site Scripting (XSS) via window.postMessage

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting XSS via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...

8.3CVSS5.9AI score0.00366EPSS
Exploits1References7Affected Software1
OSV
OSVadded 2026/02/27 6:31 p.m.7 views

GHSA-JFRQ-HJ9F-C8QX CleverTap Web SDK is vulnerable to DOM-based Cross-Site Scripting (XSS) via window.postMessage

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting XSS via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...

8.3CVSS5.9AI score0.00366EPSS
Exploits1References7
OSV
OSVadded 2026/02/27 6:16 p.m.2 views

CVE-2026-26862

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting XSS via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...

8.3CVSS5.8AI score
Exploits0References3
NVD
NVDadded 2026/02/27 6:16 p.m.7 views

CVE-2026-26862

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting XSS via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...

8.3CVSS0.00366EPSS
Exploits1References3
CNNVD
CNNVDadded 2026/02/27 12:0 a.m.4 views

CleverTap Web SDK 安全漏洞

The CleverTap Web SDK is an open-source developer toolkit developed by CleverTap. Versions of the CleverTap Web SDK prior to 1.15.2 contain security vulnerabilities. These vulnerabilities stem from the source validation in the Visual Builder module, where the includes method is used to check...

8.3CVSS5.6AI score0.00366EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2026/02/27 12:0 a.m.7 views

PT-2026-22368

Name of the Vulnerable Software and Affected Versions CleverTap Web SDK versions 1.15.2 and earlier Description The CleverTap Web SDK is susceptible to a DOM-based Cross-Site Scripting XSS issue. This occurs due to insufficient origin validation within the Visual Builder module, specifically in t...

8.3CVSS5.9AI score0.00366EPSS
Exploits1References9
Vulnrichment
Vulnrichmentadded 2026/02/27 12:0 a.m.4 views

CVE-2026-26862

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting XSS via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...

5.9AI score0.00366EPSS
Exploits1References3
ATTACKERKB
ATTACKERKBadded 2026/02/27 12:0 a.m.6 views

CVE-2026-26862

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting XSS via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...

8.3CVSS5.9AI score0.00366EPSS
Exploits1References4
CVE
CVEadded 2026/02/27 12:0 a.m.10 views

CVE-2026-26862

CVE-2026-26862 affects CleverTap Web SDK

8.3CVSS5.9AI score0.00366EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVEadded 2026/02/21 7:30 p.m.3 views

CVE-2025-68842

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in totalbounty Widget Logic Visual widget-logic-visual allows Reflected XSS.This issue affects Widget Logic Visual: from n/a through = 1.52...

7.1CVSS5.5AI score0.00183EPSS
Exploits0References1
NVD
NVDadded 2026/02/20 4:22 p.m.2 views

CVE-2025-68842

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in totalbounty Widget Logic Visual widget-logic-visual allows Reflected XSS.This issue affects Widget Logic Visual: from n/a through = 1.52...

7.1CVSS0.00183EPSS
Exploits0References1
Rows per page
Query Builder