CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

176 matches found

Vulnrichment•added 2026/06/10 7:56 p.m.•8 views

CVE-2026-45106 Weblate: Stored HTML injection in editor search preview

Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a...

4.6CVSS5.3AI score0.00208EPSS

Exploits0References3

ATTACKERKB•added 2026/06/05 6:20 p.m.•5 views

CVE-2026-46392

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the saveFile endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the .htaccess rule that forces Content-Disposition: attachment on HTML...

8.7CVSS5.5AI score0.01036EPSS

Exploits3References2Affected Software1

Positive Technologies•added 2026/02/23 12:0 a.m.•5 views

PT-2026-21530

Name of the Vulnerable Software and Affected Versions Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi Description The administrative interface of the software lacks the X-Content-Type-Options: nosniff header in responses and includes attacker-influenced content that can be...

6.1CVSS5.4AI score0.00183EPSS

Exploits0References4

OSV•added 2026/02/17 9:22 p.m.•4 views

CVE-2025-14289

IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS5.8AI score0.00162EPSS

Exploits0References1

ATTACKERKB•added 2026/02/10 8:38 p.m.•7 views

CVE-2025-12699

The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields run number, incident, call sign, notes are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept POC, injected scripts return loca...

6.7CVSS5.7AI score0.00172EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/01/21 10:51 p.m.•4 views

CVE-2026-23630 Docmost is vulnerable to stored Cross-Site Scripting (XSS) through Mermaid rendering

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting XSS. The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

6.3CVSS5.8AI score0.00243EPSS

Exploits1References3

Positive Technologies•added 2026/01/20 12:0 a.m.•4 views

PT-2026-3623

IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS5.5AI score0.00162EPSS

Exploits0References2

RedhatCVE•added 2026/01/07 9:49 a.m.•7 views

CVE-2022-27105

InMailX Outlook Plugin 3.22.0101 is vulnerable to Cross Site Scripting XSS. InMailX Connection names are not sanitzed in the Outlook tab, which allows a local user or network administrator to execute HTML / Javascript in the Outlook of users...

5.4CVSS6.3AI score0.0059EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:37 a.m.•15 views

CVE-2019-7169

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3...

4.8CVSS6.1AI score0.0061EPSS

Exploits1References1

RedhatCVE•added 2025/12/16 12:26 a.m.•7 views

CVE-2025-65778

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Uploaded attachments can be served with attacker-controlled Content-Type text/html, allowing execution of attacker-supplied HTML/JS in the application's origin and enabling session/token thef...

8.1CVSS7.1AI score0.00317EPSS

Exploits0References1

CNNVD•added 2025/12/15 12:0 a.m.•2 views

WeKan 安全漏洞

WeKan is a Kanban application from the WeKan open source. A security vulnerability exists in WeKan version 18.15 and earlier, which stems from the fact that uploaded attachments can use an attacker-controlled Content-Type, which could lead to the execution of attacker-supplied HTML or JS...

8.1CVSS6.6AI score0.00317EPSS

Exploits0References5

Vulnrichment•added 2025/12/15 12:0 a.m.•2 views

CVE-2025-65778

6.7AI score0.00317EPSS

Exploits0References4

Cvelist•added 2025/11/06 8:43 p.m.•8 views

CVE-2025-33110 IBM OpenPages Vulnerable to HTML Injection

IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS0.00168EPSS

Exploits0References1