CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

57686 matches found

Positive Technologies•added 3 days ago•9 views

PT-2026-46118

Name of the Vulnerable Software and Affected Versions Docling versions 2.82.0 through 2.90.x Description When the HTML backend is explicitly configured for rendering, the Playwright-based rendering feature allows JavaScript execution and unrestricted network access during the processing of...

8.2CVSS6.7AI score

Exploits0References5

EUVD•added 3 days ago•5 views

EUVD-2026-34156

A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails to properly sanitize or encode HTML/JavaScript payloads generated by the AI model. When a user switches to the 'Preview' tab to view AI-generated code, the malicious payload is...

6.3CVSS6AI score0.00042EPSS

Exploits0References2

Snyk•added 4 days ago•1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the redirect handling of unstable React Server Components RSC APIs. An attacker can execute arbitrary JavaScript code in the user's browser by supplying a crafted javascript: redirect target from an untrusted...

8CVSS5.6AI score0.00032EPSS

Exploits0References2

RedhatCVE•added 4 days ago•7 views

CVE-2026-24754

Kiteworks is a private data network PDN. Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

5.4CVSS6.1AI score0.0003EPSS

Exploits0References1

NVD•added 4 days ago•8 views

CVE-2026-10702

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3...

4.3CVSS0.00035EPSS

Exploits0References2

Vulnrichment•added 4 days ago•4 views

CVE-2026-10702 JIT miscompilation in the JavaScript Engine: JIT component

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3...

5.8AI score0.00035EPSS

Exploits0References2

EUVD•added 4 days ago•8 views

EUVD-2026-33990

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3...

5.8AI score0.00035EPSS

Exploits0References2

Cvelist•added 4 days ago•27 views

CVE-2026-10702 JIT miscompilation in the JavaScript Engine: JIT component

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3...

0.00035EPSS

Exploits0References2

CVE•added 4 days ago•7 views

CVE-2026-10702

CVE-2026-10702 is a Firefox issue involving a JIT miscompilation in the JavaScript Engine (JIT component). The vulnerability was fixed in Firefox 151.0.3. The CVSS score is 4.3 (Medium) with network attack vector, user interaction required, and availability impact of Low. Affected product: Mozill...

4.3CVSS5.8AI score0.00035EPSS

Exploits0References2Affected Software1

Debian CVE•added 4 days ago•4 views

CVE-2026-10702

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3...

4.3CVSS5.8AI score0.00035EPSS

Exploits0

ATTACKERKB•added 4 days ago•5 views

CVE-2026-10702

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3...

5.8AI score0.00035EPSS

Exploits0References3

RedhatCVE•added 4 days ago•8 views

CVE-2026-46509

deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain proto/constructor/prototype. The property path must not be exposed as user input. This vulnerability is fixed in 1.0.3...

8.2CVSS5.8AI score0.00055EPSS

Exploits0References1

IBM Security Bulletins•added 4 days ago•5 views

Security Bulletin: IBM Transformation Advisor is affected by multiple vulnerabilities found in Node.js

Summary There are multiple vulnerabilities in Node.js used by IBM Transformation Advisor. Vulnerability Details CVEID:CVE-2026-44664 DESCRIPTION: fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using...

6.1CVSS5.9AI score0.00012EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 4 days ago•6 views

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Node.js

Summary There are multiple vulnerabilities in Node.js used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2026-41238 DESCRIPTION: DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a...

6.9CVSS5.8AI score0.00059EPSS

Exploits1Affected Software1

Nuclei•added 4 days ago•41 views

Grafana 8.0.0 <= v.8.2.2 - Angularjs Rendering Cross-Site Scripting

Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the...

6.9CVSS7AI score0.87697EPSS

Exploits0References5

IBM Security Bulletins•added 4 days ago•8 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty was affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063)

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty was affected by prototype pollution vulnerability due to immutable CVE-2026-29063. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability...

9.8CVSS6.8AI score0.0008EPSS

Exploits1Affected Software1

NVD•added 4 days ago•8 views

CVE-2026-10510

Cross-Site Scripting XSS in GeniexWebView component in Transsion AI Assistant Lifestyle application com.transsion.aiassistantlifestyle all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted webactiondata URL parameter...

6.1CVSS0.00035EPSS

Exploits0References1

EUVD•added 4 days ago•10 views

EUVD-2026-33874

6.1CVSS6.1AI score0.00035EPSS

Exploits0References1

OSV•added 4 days ago•3 views

ALSA-2026:22643 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefox: Sandbox escape in the Profile Backup component...

9.8CVSS5.9AI score0.00164EPSS

Exploits0References40

Positive Technologies•added 4 days ago•8 views

PT-2026-45967

These are all security issues fixed in the libmozjs-115-0-115.15.0-9.1 package on the GA media of openSUSE Tumbleweed...

7.3CVSS5.8AI score0.00055EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by