CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2555 matches found

CVE•added 2026/03/19 8:25 a.m.•4 views

CVE-2025-62043

CVE-2025-62043: WPCasa WordPress plugin is affected up to version 1.4.1 by a DOM-based XSS due to improper neutralization of input during web page generation. The vulnerability affects WPCasa (and related WPSight/WPCasa references) with a CVSS v3.1 base score of 6.5 (Medium) and requires user int...

6.5CVSS5.8AI score0.00021EPSS

Exploits0References1

EUVD•added 2026/03/13 9:31 p.m.•2 views

EUVD-2026-11839

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Elementor Elementor Website Builder elementor allows DOM-Based XSS.This issue affects Elementor Website Builder: from n/a through = 3.35.5...

6.5CVSS5.8AI score0.00045EPSS

Exploits0References2

NVD•added 2026/03/13 7:55 p.m.•3 views

CVE-2026-32462

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS.This issue affects Master Addons for Elementor: from n/a through = 2.1.3...

5.9CVSS0.00014EPSS

Exploits0References1

NVD•added 2026/03/13 7:55 p.m.•4 views

CVE-2026-32454

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS.This issue affects Avada Core: from n/a through 5.15.0...

6.5CVSS0.00045EPSS

Exploits0References1

NVD•added 2026/03/13 7:55 p.m.•3 views

CVE-2026-32450

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.0.7...

6.5CVSS0.00045EPSS

Exploits0References1

NVD•added 2026/03/13 7:54 p.m.•3 views

CVE-2026-32419

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fernando Briano List category posts list-category-posts allows DOM-Based XSS.This issue affects List category posts: from n/a through = 0.93.1...

5.9CVSS0.00042EPSS

Exploits0References1

NVD•added 2026/03/13 7:54 p.m.•3 views

CVE-2026-32403

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through = 1.194...

6.5CVSS0.00045EPSS

Exploits0References1

CVE•added 2026/03/13 11:42 a.m.•2 views

CVE-2026-32455

CVE-2026-32455 describes a DOM-based XSS in the WordPress MDTF plugin wp-meta-data-filter-and-taxonomy-filter

6.5CVSS5.8AI score0.00045EPSS

Exploits0References1

Vulnrichment•added 2026/03/13 11:42 a.m.•3 views

CVE-2026-32403 WordPress Toocheke Companion plugin <= 1.194 - Cross Site Scripting (XSS) vulnerability

6.5CVSS5.8AI score0.00045EPSS

Exploits0References1

CVE•added 2026/03/13 11:42 a.m.•4 views

CVE-2026-32361

CVE-2026-32361 affects the WordPress Editorial Calendar plugin (editorial-calendar) up to version 3.9.0. The root cause is improper neutralization of input during web page generation, leading to DOM-based Cross-Site Scripting (XSS). Impact is DOM-based XSS for affected pages; public exploitation ...

6.5CVSS5.8AI score0.00045EPSS

Exploits0References1

Vulnrichment•added 2026/03/13 11:41 a.m.•1 views

CVE-2026-32352 WordPress Elementor Website Builder plugin <= 3.35.5 - Cross Site Scripting (XSS) vulnerability

5.8AI score0.00045EPSS

Exploits0References1

Positive Technologies•added 2026/03/13 12:0 a.m.•3 views

PT-2026-25299

CVE-2026-32455 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS.This issue affects ... https://t.co/yGGoLxAaYH...

6.5CVSS5.8AI score0.00045EPSS

Exploits0References3

CVE•added 2026/03/11 12:23 a.m.•6 views

CVE-2026-27247

Adobe Experience Manager (AEM) versions 6.5.23 and earlier are affected by a stored XSS vulnerability. The issue arises from insufficient input sanitization/escaping in form fields, allowing a low-privileged attacker to inject malicious JavaScript that is executed in a victim’s browser when visit...

5.4CVSS5.8AI score0.00041EPSS

Exploits0References1Affected Software1

NVD•added 2026/03/10 8:16 p.m.•1 views

CVE-2026-2266

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed DOM-based cross-site scripting via task list content. The task list content extraction logic did not properly re-encode browser-decoded text nodes before rendering, allowing user-supplied HTM...

7.4CVSS0.00034EPSS

Exploits0References2

ATTACKERKB•added 2026/03/10 6:55 p.m.•2 views

CVE-2026-2266

7.4CVSS5.9AI score0.00034EPSS

Exploits0References3Affected Software1

EUVD•added 2026/03/10 6:31 p.m.•2 views

EUVD-2026-10441

Due to insufficient validation of user-controlled input in the URLs query parameter. SAP Business One Job Service could allow an unauthenticated attacker to inject specially crafted input which upon user interaction could result in a DOM-based Cross-Site Scripting XSS vulnerability. This issue ha...

6.1CVSS5.8AI score0.0005EPSS

Exploits0References3

OSV•added 2026/03/10 6:28 p.m.•3 views

GO-2026-4627 Gogs: DOM-based XSS via milestone selection in gogs.io/gogs

Gogs: DOM-based XSS via milestone selection in gogs.io/gogs...

7.3CVSS5.8AI score0.0004EPSS

Exploits0References5

ATTACKERKB•added 2026/03/10 12:17 a.m.•1 views

CVE-2026-0489

6.1CVSS5.8AI score0.0005EPSS

Exploits0References3

Cvelist•added 2026/03/10 12:17 a.m.•24 views

CVE-2026-0489 DOM-based Cross-Site Scripting (XSS) Vulnerability in SAP Business One (Job Service)

6.1CVSS0.0005EPSS

Exploits0References2

RedhatCVE•added 2026/03/08 7:56 a.m.•0 views

CVE-2026-2433

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, 5.0.11. This is due to the plugin's admin-shell.js registering a global message event listener...

6.1CVSS6AI score0.00071EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by