CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/04/20 6:31 p.m.•1 views

EUVD-2026-23910

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subject field that allows authenticated staff members to inject malicious JavaScript by manipulating the editsubject POST parameter. Attackers can inject XSS payloads through inadequate sanitization in...

NVD•added 2026/04/20 6:16 p.m.•1 views

CVE-2026-23758

6.4CVSS0.00034EPSS

ATTACKERKB•added 2026/04/20 5:30 p.m.•0 views

CVE-2026-23756

5.4CVSS5.7AI score0.00034EPSS

Cvelist•added 2026/04/20 5:30 p.m.•25 views

CVE-2026-23756 GFI HelpDesk < 4.99.9 Stored XSS via Troubleshooter Step Subject

5.4CVSS0.00034EPSS

ATTACKERKB•added 2026/04/20 5:30 p.m.•2 views

CVE-2026-23758

Cvelist•added 2026/04/20 5:30 p.m.•25 views

CVE-2026-23758 GFI HelpDesk < 4.99.9 Stored XSS via editsubject Parameter

6.4CVSS0.00034EPSS

Vulnrichment•added 2026/04/20 5:30 p.m.•1 views

CVE-2026-23758 GFI HelpDesk < 4.99.9 Stored XSS via editsubject Parameter

CVE•added 2026/04/20 5:30 p.m.•6 views

CVE-2026-23758

GFI HelpDesk prior to 4.99.9 is affected by a stored XSS in the ticket subject via the editsubject POST parameter. The issue arises from insufficient sanitization in Controller_Ticket.EditSubmit(), which bypasses the incomplete SanitizeForXSS() method, permitting an authenticated staff member to ...

Exploits0References2Affected Software1

Positive Technologies•added 2026/04/20 12:0 a.m.•2 views

PT-2026-33815

6.4CVSS6AI score0.00034EPSS

Exploits0References5

GithubExploit•added 2026/04/11 7:15 p.m.•78 views

Exploit for Cross-site Scripting in Saleor

CVE-2026-23499: Saleor vulnerable to stored XSS via Unrestrict...

8.5CVSS5.9AI score0.00061EPSS

Exploits1

RedhatCVE•added 2026/04/08 7:34 p.m.•2 views

CVE-2026-39340

ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in PropertyTypeEditor.php, part of the administration functionality for managing property type categories People → Person Properties / Family Properties. The vulnerability was introduced whe...

8.1CVSS5.9AI score0.00033EPSS

Exploits0References1

Cvelist•added 2026/03/25 11:40 p.m.•25 views

CVE-2026-33933 Reflected XSS via Unescaped contextName Parameter in Custom Template Editor

OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting XSS vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in...

6.1CVSS0.00022EPSS

Exploits1References4

EUVD•added 2026/03/25 11:40 p.m.•0 views

EUVD-2026-16040

6.1CVSS5.9AI score0.00022EPSS

Exploits1References4

Positive Technologies•added 2026/03/25 12:0 a.m.•2 views

PT-2026-28153

6.1CVSS5.9AI score0.00022EPSS

Exploits1References5

CVE•added 2026/03/13 7:23 a.m.•4 views

CVE-2026-1704

CVE-2026-1704 affects the WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments (all versions up to and including 1.6.9.29). The root cause is Insecure Direct Object Reference via get_item_permissions_check, which grants access to the ssa_manage_appointments capability with...

4.3CVSS5.8AI score0.00036EPSS

Exploits0References6

Vulnrichment•added 2026/01/27 9:57 p.m.•2 views

CVE-2026-24778 Ghost vulnerable to XSS via malicious Portal preview links

Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially...

8.8CVSS5.9AI score0.0002EPSS