CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2581 matches found

CVE•added 2026/04/08 8:30 a.m.•10 views

CVE-2026-39665

The CVE describes a DOM-Based XSS vulnerability in the WordPress plugin SEO Friendly Images (seo-image) by Vladimir Prelovac, affecting versions from n/a up to 3.0.5. Root cause: Improper neutralization of input during web page generation. Impact stated across sources as cross-site scripting acce...

6.5CVSS5.9AI score0.00161EPSS

Exploits0References1

Cvelist•added 2026/04/08 8:30 a.m.•18 views

CVE-2026-39575 WordPress Custom Query Blocks plugin <= 5.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through = 5.5.0...

6.5CVSS0.00161EPSS

Exploits0References1

Vulnrichment•added 2026/04/08 8:30 a.m.•4 views

CVE-2026-39575 WordPress Custom Query Blocks plugin <= 5.5.0 - Cross Site Scripting (XSS) vulnerability

5.8AI score0.00161EPSS

Exploits0References1

Vulnrichment•added 2026/04/08 8:30 a.m.•3 views

CVE-2026-39482 WordPress Post Expirator plugin <= 4.9.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PublishPress Post Expirator post-expirator allows DOM-Based XSS.This issue affects Post Expirator: from n/a through = 4.9.4...

6.5CVSS5.8AI score0.00161EPSS

Exploits0References1

Atlassian•added 2026/04/08 4:29 a.m.•16 views

DOM-based XSS @remix-run/router Dependency in Confluence Data Center

This High severity DOM-based XSS vulnerability was introduced in versions 9.0.1, 9.0.3, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This DOM-based XSS vulnerability, with a CVSS Score of 8 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A...

8CVSS7.6AI score0.00327EPSS

Exploits0

Positive Technologies•added 2026/04/08 12:0 a.m.•6 views

PT-2026-31121

5.9AI score0.00161EPSS

Exploits0References3

CNNVD•added 2026/04/08 12:0 a.m.•8 views

WordPress plugin Elfsight WhatsApp Chat CC 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.5CVSS5.6AI score0.0013EPSS

Exploits0References1

RedhatCVE•added 2026/04/07 5:6 p.m.•4 views

CVE-2026-33403

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, a reflected DOM-based XSS vulnerability in taillog.js allows an unauthenticated attacker to inject arbitrary HTML into the Pi-hole admin interface...

6.1CVSS6AI score0.00187EPSS

Exploits0References1

NVD•added 2026/04/02 1:16 p.m.•7 views

CVE-2026-34890

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mark O’Donnell MSTW League Manager allows DOM-Based XSS.This issue affects MSTW League Manager: from n/a through 2.10...

6.5CVSS0.00133EPSS

Exploits0References1

EUVD•added 2026/04/01 3:31 p.m.•3 views

EUVD-2025-209162

The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Scripting vulnerabilities in all versions up to, and including, 51.1.38. This is due to insufficient input sanitization and output escaping across multiple widgets and features. T...

6.4CVSS6AI score0.00241EPSS

Exploits0References12

Vulnrichment•added 2026/04/01 2:37 p.m.•2 views

CVE-2025-13535 King Addons for Elementor <= 51.1.38 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Widgets

6.4CVSS6AI score0.00241EPSS

Exploits0References11

CVE•added 2026/04/01 8:51 a.m.•7 views

CVE-2026-34889

The CVE concerns Brainstorm Force Ultimate Addons for WPBakery Page Builder. It is a DOM‑Based Cross‑Site Scripting (XSS) vulnerability caused by improper input neutralization during web page generation, affecting versions before 3.21.4. Impact is DOM‑XSS (user‑sensitive data exposure possible in...

6.5CVSS5.9AI score0.00173EPSS

Exploits0References1

CNNVD•added 2026/04/01 12:0 a.m.•7 views

CI4MS 跨站脚本漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the improper cleaning of user input when adding pages through the menu management feature, which could lead to...

9.1CVSS5.7AI score0.00307EPSS

Exploits1References2

CVE•added 2026/03/31 12:46 a.m.•5 views

CVE-2026-32734

CVE-2026-32734 concerns baserCMS, a website development framework. According to the provided documents, prior to version 5.2.3 baserCMS is vulnerable to a DOM-based cross-site scripting (XSS) issue in tag creation. The vulnerability is described as allowing malicious JavaScript execution in the b...

7.1CVSS6.9AI score0.00258EPSS

Exploits0References3Affected Software1

CVE•added 2026/03/26 6:48 p.m.•7 views

CVE-2026-33506

Ory Polis (formerly BoxyHQ Jackson) contains a DOM-based XSS in its login flow prior to version 26.2.0 . The vulnerability stems from trusting a URL parameter callbackUrl that is passed to router.push, allowing an attacker to lure a user into opening a malicious link, which triggers a client-side...

8.8CVSS5.9AI score0.00428EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/03/26 6:48 p.m.•19 views

CVE-2026-33506 DOM-Based XSS in Ory Polis Login Page

Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting XSS vulnerability in Ory Polis's login functionality. The application improperly trusts a URL parameter callbackUrl,...

8.8CVSS0.00428EPSS

Exploits1References2

RedhatCVE•added 2026/03/26 3:17 p.m.•4 views

CVE-2026-32455

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS.This issue affects MDTF: from n/a through = 1.3.5...

6.5CVSS5.8AI score0.00129EPSS

Exploits0References1

RedhatCVE•added 2026/03/26 3:17 p.m.•5 views

CVE-2026-32454

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS.This issue affects Avada Core: from n/a through 5.15.0...

6.5CVSS5.8AI score0.00129EPSS

Exploits0References1

RedhatCVE•added 2026/03/26 3:13 p.m.•4 views

CVE-2025-62043

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in WPSight WPCasa allows DOM-Based XSS.This issue affects WPCasa: from n/a through 1.4.1...

6.5CVSS5.8AI score0.00129EPSS

Exploits0References1

SUSE CVE•added 2026/03/25 12:27 a.m.•5 views

SUSE CVE-2026-26276

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository's Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

7.3CVSS5.8AI score0.00184EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by