Lucene search
K

238514 matches found

Cvelist
Cvelist
added 1 hour ago5 views

CVE-2026-10857 Reflected XSS in Akinsoft's e-Commerce

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce allows Reflected XSS. This issue affects e-Commerce: before 1.25.01.06...

6.1CVSS
Exploits0References1
RedHat Linux
RedHat Linux
added 4 hours ago9 views

webkitgtk: An app may be able to access sensitive user data

A flaw was found in WebKitGTK. Processing or loading malicious web content can allow an app to access sensitive user data due to improper data protection...

5.5CVSS5.8AI score0.0014EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 hours ago6 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

7.5CVSS6AI score0.00349EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 hours ago7 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash

A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash...

8.8CVSS6AI score0.00308EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 hours ago7 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

7.5CVSS6AI score0.00314EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 hours ago6 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

6.5CVSS5.8AI score0.003EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 hours ago7 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

7.5CVSS6AI score0.00264EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 hours ago6 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash

A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash...

6.5CVSS6AI score0.00255EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 4 hours ago7 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash

A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash...

6.5CVSS5.8AI score0.00356EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 hours ago6 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

7.5CVSS6AI score0.00349EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 hours ago6 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

8.8CVSS6.6AI score0.00513EPSS
Exploits0References5
CVE
CVE
added 7 hours ago4 views

CVE-2026-9733

Affected software: Mojolicious::Plugin::Web::Auth::OAuth2 (Perl) up to version 0.17. Root cause: when no state generator is set, the module uses a SHA-1 hash of low-entropy sources (including epoch time leaked via the HTTP Date header) and Perl rand(), producing a predictable OAuth2 state. Impact...

5.4AI score
Exploits0References4
Nuclei
Nuclei
added 9 hours ago27 views

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the joborderID parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch...

6.1CVSS6.4AI score0.01278EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago19 views

WordPress E2Pdf <1.16.45 - Cross-Site Scripting

WordPress E2Pdf plugin before 1.16.45 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, even when the unfilteredhtml capability is disallowed. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context o...

4.8CVSS5.9AI score0.01268EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago40 views

Atmail 6.5.0 - Cross-Site Scripting

Atmail 6.5.0 contains a cross-site scripting vulnerability in WebAdmin Control Pane via the format parameter to the default URI, which allows remote attackers to inject arbitrary web script or HTML via the “format” parameter. id: CVE-2021-43574 info: name: Atmail 6.5.0 - Cross-Site Scripting...

6.1CVSS6.5AI score0.02422EPSS
Exploits0References5
Nuclei
Nuclei
added 9 hours ago63 views

Parallels H-Sphere 3.0.0 P9/3.1 P1 - Cross-Site Scripting

Parallels H-Sphere 3.0.0 P9 and 3.1 P1 contains multiple cross-site scripting vulnerabilities in login.php in webshell4. An attacker can inject arbitrary web script or HTML via the err, errorcode, and login parameters, thus allowing theft of cookie-based authentication credentials and launch of...

4.3CVSS5.9AI score0.05114EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago50 views

Kaseya Virtual System Administrator - Open Redirect

Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. id: CVE-2015-286...

4.3CVSS6AI score0.10317EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago25 views

eShop 3.0.4 - Cross-Site Scripting

eShop 3.0.4 contains a reflected cross-site scripting vulnerability in json search parse and json response in wrteam.in. id: CVE-2022-35493 info: name: eShop 3.0.4 - Cross-Site Scripting author: arafatansari severity: medium description: | eShop 3.0.4 contains a reflected cross-site scripting...

6.1CVSS6.2AI score0.01422EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago33 views

Aajoda Testimonials < 2.2.2 - Cross-Site Scripting

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. id: CVE-2023-2178 info: name: Aajoda Testimonials...

4.8CVSS6.2AI score0.00773EPSS
Exploits2References3
Nuclei
Nuclei
added 9 hours ago41 views

MOVEit Transfer - SQL Injection

In Progress MOVEit Transfer before 2020.1.11 12.1.11, 2021.0.9 13.0.9, 2021.1.7 13.1.7, 2022.0.7 14.0.7, 2022.1.8 14.1.8, and 2023.0.4 15.0.4, a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized...

9.1CVSS7.4AI score0.94836EPSS
Exploits0References5
Rows per page
Query Builder