Exploit Registry

Last Updated On 23 Apr, 2026

Showing 19 of 19 vulnerabilities:

CRITICAL No known CVE

Update to Gemini CLI and run-gemini-cli Trust Model

Discovered By Elad Meged Published on 23 Apr, 2026
HIGH CVE-2026-41241

Stored cross-site scripting in organiser search typeahead

Discovered By Elad Meged Published on 17 Apr, 2026
HIGH CVE-2025-70401

Stored DOM XSS via Annotation Author Field

Discovered By Novee Agent Published on 24 Feb, 2026
HIGH CVE-2025-70400

Full Read SSRF in WebViewer Server via iFrame Rendering

Discovered By Novee Agent Published on 24 Feb, 2026
CRITICAL CVE-2025-70402

DOM XSS via Remote UI Configuration (uiConfig)

Discovered By Novee Agent Published on 24 Feb, 2026
MEDIUM CVE-2026-1591

Stored XSS via Attachments Feature

Discovered By Novee Agent Published on 18 Feb, 2026
MEDIUM CVE-2026-1592

Stored XSS via Create New Layer Field

Discovered By Novee Agent Published on 18 Feb, 2026
HIGH

Path Traversal in Collaboration Feature

Discovered By Novee Agent Published on 18 Feb, 2026
MEDIUM

Stored XSS (WAF Bypass) via Collaboration Feature

Discovered By Novee Agent Published on 18 Feb, 2026
CRITICAL

OS Command Injection in Foxit PDF SDK for Web – Signature Server

Discovered By Novee Agent Published on 18 Feb, 2026
HIGH CVE-2026-26268

Cursor IDE Sandbox escape via Git hooks

Discovered By Assaf Levkovich Published on 13 Feb, 2026
MEDIUM CVE-2025-66523

Three Reflected XSS Vulnerabilities in na1.foxitesign.foxit.com

Discovered By Novee Agent Published on 20 Jan, 2026
MEDIUM CVE-2025-66520

Stored XSS via Portfolio Feature

Discovered By Lidor Ben Shitrit Published on 23 Dec, 2025
MEDIUM CVE-2025-66501

Stored XSS in Page Templates

Discovered By Lidor Ben Shitrit Published on 23 Dec, 2025
MEDIUM CVE-2025-66502

Stored XSS in Layer Import

Discovered By Lidor Ben Shitrit Published on 23 Dec, 2025
MEDIUM CVE-2025-66519

Stored XSS in Predefined Text

Discovered By Novee Agent Published on 23 Dec, 2025
MEDIUM CVE-2025-66521

Stored XSS via Trusted Certificates

Discovered By Novee Agent Published on 23 Dec, 2025
MEDIUM CVE-2025-66522

Stored XSS via Common Name in Digital ID Feature

Discovered By Novee Agent Published on 23 Dec, 2025
MEDIUM CVE-2025-66500

DOM XSS via Unsafe postMessage Handler

Discovered By Novee Agent Published on 23 Dec, 2025

Exploit Registry

Update to Gemini CLI and run-gemini-cli Trust Model

Stored cross-site scripting in organiser search typeahead

Stored DOM XSS via Annotation Author Field

Full Read SSRF in WebViewer Server via iFrame Rendering

DOM XSS via Remote UI Configuration (uiConfig)

Stored XSS via Attachments Feature

Stored XSS via Create New Layer Field

Path Traversal in Collaboration Feature

Stored XSS (WAF Bypass) via Collaboration Feature

OS Command Injection in Foxit PDF SDK for Web – Signature Server

Cursor IDE Sandbox escape via Git hooks

Three Reflected XSS Vulnerabilities in na1.foxitesign.foxit.com

Stored XSS via Portfolio Feature

Stored XSS in Page Templates

Stored XSS in Layer Import

Stored XSS in Predefined Text

Stored XSS via Trusted Certificates

Stored XSS via Common Name in Digital ID Feature

DOM XSS via Unsafe postMessage Handler

Follow the path real attackers take