CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/06/03 1:2 p.m.•33 views

CVE-2026-10729 HTML injection in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens

An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in emails clients that render HTML emails. This issue affects Canarytokens: fr...

2.1CVSS0.00204EPSS

CVE•added 2026/06/03 1:2 p.m.•12 views

CVE-2026-10729

The CVE-2026-10729 entry covers an HTML injection vulnerability in Thinkst Applied Research Canarytokens specifically in the notification email delivery. Affected component: Canarytokens notification emails that render HTML. Root cause described: HTML injection can enable Interface Manipulation a...

2.1CVSS5.8AI score0.00204EPSS

ATTACKERKB•added 2026/06/03 1:2 p.m.•7 views

CVE-2026-10729

2.1CVSS5.8AI score0.00204EPSS

Positive Technologies•added 2026/06/03 12:0 a.m.•8 views

PT-2026-46043

Name of the Vulnerable Software and Affected Versions ERPNext version 16.16.0 Description An authenticated user with permissions to edit Item records can inject arbitrary HTML or JavaScript into the item name, description, or image fields of an Item. This leads to unescaped rendering in the Point...

4.8CVSS5.9AI score0.00261EPSS

Exploits0References6

Positive Technologies•added 2026/06/03 12:0 a.m.•9 views

PT-2026-46108

It was discovered that Template-Toolkit did not properly escape single quotes in the html filter function of Template::Plugin::HTML. An attacker could possibly use this issue to inject arbitrary HTML and JavaScript into generated output...

6.1CVSS5.9AI score0.00282EPSS

CNNVD•added 2026/06/03 12:0 a.m.•4 views

Canarytokens 安全漏洞

Canarytokens is a network activity tracking system open-source by Thinkst Applied Research. There is a security vulnerability in Canarytokens, which stems from HTML injection in notification emails. This vulnerability may lead to interface manipulation and cross-site scripting attacks...

2.1CVSS4.9AI score0.00204EPSS

Positive Technologies•added 2026/06/03 12:0 a.m.•11 views

PT-2026-45936

2.1CVSS5.8AI score0.00204EPSS

CNNVD•added 2026/06/02 12:0 a.m.•6 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper CSS implementation. A remote attacker could inject arbitrary scripts or HTML through a specially crafted HTML page...

6.1CVSS5.5AI score0.00159EPSS

CNNVD•added 2026/06/02 12:0 a.m.•3 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper implementations in the Keyboard component. Remote attackers could inject arbitrary scripts or HTML through specially crafted HT...

6.1CVSS5.5AI score0.00159EPSS

CNNVD•added 2026/06/02 12:0 a.m.•5 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a vulnerability related to input validation. This vulnerability stemmed from insufficient validation of unreliable inputs, which could allow remote attackers to exploit custom QR codes to...

6.1CVSS5.5AI score0.00147EPSS

OSV•added 2026/06/01 11:42 a.m.•6 views

BIT-KIBANA-2026-42401 Improper Neutralization of Input During Web Page Generation in Kibana Leading to Stored HTML Injection

Improper Neutralization of Input During Web Page Generation CWE-79 in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which, when subsequently rendered through an affected Kibana view by another user, was not sufficiently...

5.4CVSS5.7AI score0.00141EPSS

OSV•added 2026/06/01 11:39 a.m.•7 views

BIT-ELK-2026-42401 Improper Neutralization of Input During Web Page Generation in Kibana Leading to Stored HTML Injection

5.4CVSS5.7AI score0.00141EPSS

Mageia•added 2026/05/30 5:7 a.m.•20 views

Updated perl-Template-Toolkit packages fix security vulnerability

Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. CVE-2026-5090...

6.1CVSS5.8AI score0.00282EPSS

OSV•added 2026/05/30 5:7 a.m.•10 views

MGASA-2026-0166 Updated perl-Template-Toolkit packages fix security vulnerability

Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. CVE-2026-5090...

6.1CVSS5.8AI score0.00282EPSS

RedhatCVE•added 2026/05/29 8:13 p.m.•9 views

CVE-2026-42401

5.4CVSS5.8AI score0.00141EPSS

Tenable Nessus•added 2026/05/29 12:0 a.m.•13 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Postorius vulnerability (USN-8323-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8323-1 advisory. It was discovered that Postorius did not properly escape HTML in message subjects when rendering the Held...

7.2CVSS6AI score0.00237EPSS

NVD•added 2026/05/28 9:16 p.m.•12 views

CVE-2026-44655

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...

8.6CVSS0.00298EPSS

NVD•added 2026/05/28 9:16 p.m.•10 views

CVE-2026-41897

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filtertarget parameter on returndynamicfilters.php normally used as an AJAX in View Issues Page allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. This...

5.3CVSS0.00281EPSS