CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

106911 matches found

RedhatCVE•added 2026/06/10 9:3 p.m.•5 views

CVE-2026-48271

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00283EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 9:3 p.m.•9 views

CVE-2026-47943

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00307EPSS

Exploits0References1

Cvelist•added 2026/06/10 8:39 p.m.•26 views

CVE-2026-53740 Yoast Duplicate Post through 4.6 Stored Cross-Site Scripting via Scheduled Republish Notice

Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice...

5.4CVSS0.00141EPSS

Exploits0References2

OSSF Malicious Packages•added 2026/06/10 6:34 p.m.•9 views

Malicious code in v018-axios-cdntest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67d30d2c9939173663f8ba1312b2591d2f86c67657bd5eeff59b19187f50b901 Package impersonates axios v0.18.0 index.js carries the genuine axios v0.18.0 | c 2018 by Matt Zabriskie header and sets window.axios=,...

5.4AI score

Exploits0References4

OSV•added 2026/06/10 6:26 p.m.•5 views

MAL-2026-5520 Malicious code in @access-risk/browser-remedy-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0de4bc9f19feea718e091e9b0a480e9b939cdffa88109375020895c99efa489c On npm install, postinstall.js executes automatically and collects host identity and environment details using os.hostname, process.cwd, and filesyst...

5.5AI score

Exploits0References2

OSSF Malicious Packages•added 2026/06/10 6:22 p.m.•11 views

Malicious code in @orion-design-system/foundation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e7fdf1bb78d6c3750adffa854f5f08c7f2fd7af6166f7234aa5cbf4974a1375 The package's npm preinstall lifecycle script runs an inline node -e payload that collects the installer's hostname os.hostname and OS username...

5.5AI score

Exploits0References5

OSV•added 2026/06/10 6:22 p.m.•6 views

MAL-2026-5523 Malicious code in @orion-design-system/foundation (npm)

5.5AI score

Exploits0References5

OSSF Malicious Packages•added 2026/06/10 6:21 p.m.•9 views

Malicious code in @orion-design-system/store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4218505b74ba258cea12df713bbc27db9fa58d6660cf83e6d0c5fd8a9f68a4c2 package.json declares a preinstall script that runs on every npm install. The script uses node -e to require os and https, reads os.hostname and...

5.4AI score

Exploits0References3

NVD•added 2026/06/10 6:16 p.m.•10 views

CVE-2026-20258

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could store a malicious script in a classic...

7.1CVSS0.00174EPSS

Exploits0References1

OSSF Malicious Packages•added 2026/06/10 5:21 p.m.•5 views

Malicious code in hello-dynamic (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 168dd7abca8ed812dcfb0119eaf80a2b05b186ee37a1e0c8f98e88f884a90602 Package attempts to test exploitation via legacy dependencylinks configuration --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages,...

5.8AI score

Exploits0References1

EUVD•added 2026/06/10 5:16 p.m.•6 views

EUVD-2026-36089

7.1CVSS5.7AI score0.00174EPSS

Exploits0References1

Cvelist•added 2026/06/10 5:16 p.m.•26 views

CVE-2026-20258 Stored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk Enterprise

7.1CVSS0.00174EPSS

Exploits0References1

OSV•added 2026/06/10 4:47 p.m.•5 views

USN-8306-2 samba vulnerabilities

USN-8306-1 fixed vulnerabilities in Samba. This update provides the corresponding updates for CVE-2026-3238, CVE-2026-4408, and CVE-2026-4480 in Ubuntu 20.04 LTS. Original advisory details: Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access checks on reparse point...

9.8CVSS6.2AI score0.02803EPSS

Exploits6References4

Cvelist•added 2026/06/10 2:57 p.m.•21 views

CVE-2026-53694 Potential local privileges escalation through argument injection in the nxchmod.sh script

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before 9.5.7, before 8.23.2...

7.3CVSS0.00131EPSS

Exploits0References2

CVE•added 2026/06/10 2:57 p.m.•7 views

CVE-2026-53694

CVE-2026-53694 affects Nomachine deployments prior to 9.5.7 and pre-8.23.2, with a local privilege-escalation path via an argument-delimiter handling flaw described as an Argument Injection vulnerability. The core issue is improper neutralization of argument delimiters in a command, enabling inje...

7.3CVSS5.5AI score0.00131EPSS

Exploits0References2

NVD•added 2026/06/10 2:16 p.m.•8 views

CVE-2026-53435

In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins core or plugins from an attacker-controlled config.xml submission in a way that allows them to handle HTTP requests afterwards. This can be used to...

8.8CVSS0.00368EPSS

Exploits1References1