108 matches found
CVE-2025-40902
CVE-2025-40902 describes a Stored HTML Injection in the Guardian/CMC Users feature prior to 26.1.0. An authenticated admin can create a user whose username contains HTML tags; when a victim deletes a group containing that user, the injected HTML may render in the browser, enabling phishing and po...
CVE-2026-7191
Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...
PT-2026-34298
Name of the Vulnerable Software and Affected Versions: Sentence To SEO versions prior to 1.1. Description: The Sentence To SEO plugin for WordPress contains a Stored Cross-Site Scripting issue. The problem occurs because the plugin fails to properly sanitize input and escape output for the 'Permanen...
CVE-2026-6439
The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping in the videozenconf function. The 'lang' POST parameter is stored directly via update_option without any...
PT-2026-25852
Name of the Vulnerable Software and Affected Versions: SiYuan versions 3.6.0 and below. Description: SiYuan, a personal knowledge management system, has an issue in the globalCopyFiles API. This API reads source files using filepath.Abs without proper workspace boundary checks. It relies on the...
CVE-2026-3242
In Concrete CMS below version 9.4.8, a rogue administrator can add stored XSS via the Switch Language block. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks M3dium for reporting...
CVE-2026-2289
The Taskbuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2025-54161
Technical details about CVE-2025-54161 are not publicly provided in the supplied documents; monitor for updates.
CVE-2026-24325
SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to a Stored Cross-Site Scripting (XSS) vulnerability. This enables an admin user to inject malicious JavaScript into a website, and the injected script gets executed when the user visits the compromised page. Th...
CVE-2025-9981 Multiple Stored XSS in QuickCMS
QuickCMS is vulnerable to multiple Stored XSS in the slider editor functionality (sliders-form). A malicious attacker with admin privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed on every page. By default, the admin user is not able to add JavaScript into the website. T...
EUVD-2008-6727
Malware in sbrugna...
EUVD-2009-2844
Malware in sbrugna...
EUVD-2018-10853
Malware in sbrugna...
EUVD-2019-19265
Malware in sbrugna...
EUVD-2021-22913
Malware in sbrugna...
EUVD-2017-7364
Malware in sbrugna...
EUVD-2022-3727
Malicious code in bioql PyPI...
EUVD-2023-31752
Malicious code in bioql PyPI...
EUVD-2023-31786
Malicious code in bioql PyPI...
EUVD-2024-2499
Malicious code in bioql PyPI...