CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

99 matches found

GithubExploit•added 2026/05/27 8:5 a.m.•41 views

PHANTOM_old

PHANTOM Autonomous Penetration Testing Framework Recon -...

5.8AI score

Exploits0

GithubExploit•added 2026/05/26 11:45 a.m.•39 views

XSSaudit

XSSAudit v2.0 — Advanced XSS Vulnerability Scanner For au...

6AI score

Exploits0

EUVD•added 2026/04/09 12:31 a.m.•0 views

EUVD-2026-20767

Hayabusa versions prior to 3.8.0 contain a cross-site scripting XSS vulnerability in its HTML report output that allows an attacker to execute arbitrary JavaScript when a user scans JSON-exported logs containing malicious content in the Computer field. An attacker can inject JavaScript into the...

5.4CVSS6.1AI score0.00035EPSS

Exploits0References4

ATTACKERKB•added 2026/04/08 9:35 p.m.•1 views

CVE-2026-40028

5.4CVSS6.1AI score0.00035EPSS

Exploits0References4

GithubExploit•added 2026/04/08 5:27 a.m.•75 views

H4C-WEB

H4C-WEB !/bin/bash =======================================...

5.9AI score

Exploits0

CNNVD•added 2026/04/08 12:0 a.m.•3 views

Hayabusa 跨站脚本漏洞

Hayabusa is an open-source Windows event log forensic and threat hunting tool developed by Yamato Security. Versions prior to Hayabusa 3.8.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from HTML report outputs that had the same cross-site scripting vulnerabilities,...

5.4CVSS5.9AI score0.00035EPSS

Exploits0References3

Positive Technologies•added 2026/04/08 12:0 a.m.•0 views

PT-2026-31465

5.4CVSS6.1AI score0.00035EPSS

Exploits0References4

RedhatCVE•added 2026/03/26 3:9 p.m.•2 views

CVE-2026-33140

PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a stored Cross-Site Scripting XSS vulnerability in the HTML report generator. When PySpector scans a Python file containing...

6.1CVSS5.9AI score0.00017EPSS

Exploits1References1

CVE•added 2026/03/20 8:0 p.m.•2 views

CVE-2026-33140

PySpector HTML report generation contains a stored XSS in HTML reports for PySpector versions

6.1CVSS5.9AI score0.00017EPSS

Exploits1References1Affected Software1

CNNVD•added 2026/03/20 12:0 a.m.•3 views

PySpector 跨站脚本漏洞

PySpector is a high-performance Python static security analysis framework developed by Tommaso Bona. Versions of PySpector 0.1.6 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based cross-site scripting mechanism in the HTML report generator,...

6.1CVSS5.6AI score0.00017EPSS

Exploits1References1

Github Security Blog•added 2026/03/18 4:33 p.m.•2 views

Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution

Summary PySpector versions = 0.1.6 are affected by a stored Cross-Site Scripting XSS vulnerability in the HTML report generator. When PySpector scans a Python file containing JavaScript payloads i.e. inside a string passed to eval , the flagged code snippet is interpolated into the HTML report...

6.1CVSS6AI score0.00017EPSS

Exploits1References3Affected Software1

OSV•added 2026/03/18 4:33 p.m.•1 views

GHSA-2GMV-2R3V-JXJ2 Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution

5.3CVSS6AI score0.00017EPSS

Exploits1References3

Positive Technologies•added 2026/03/18 12:0 a.m.•1 views

PT-2026-26197

5.3CVSS6.1AI score0.00017EPSS

Exploits1References5

EUVD•added 2026/02/28 2:49 a.m.•2 views

EUVD-2026-9069

PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages...

6.8CVSS5.9AI score0.00022EPSS

Exploits1References4

Vulnrichment•added 2026/02/27 8:28 p.m.•1 views

CVE-2026-28338 PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages

PMD is an extensible multilanguage static code analyzer. Prior to version 7.22.0, PMD's vbhtml and yahtml report formats insert rule violation messages into HTML output without escaping. When PMD analyzes untrusted source code containing crafted string literals, the generated HTML report contains...

6.8CVSS6AI score0.00022EPSS

Exploits1References3

Positive Technologies•added 2026/01/26 12:0 a.m.•4 views

PT-2026-4843

Name of the Vulnerable Software and Affected Versions MobSF versions prior to 4.4.5 Description MobSF, a mobile application security testing tool, contains a Stored Cross-site Scripting XSS vulnerability in its Android manifest analysis feature. This flaw allows an attacker to execute arbitrary...

8.1CVSS5.9AI score0.00025EPSS

Exploits1References14

NVD•added 2025/11/12 5:15 p.m.•1 views

CVE-2025-52331

Cross-site scripting XSS vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report directory, and IP address. The generate report command includes archived file names without validation i...

6.1CVSS0.00024EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•0 views

EUVD-2005-2862

Malware in sbrugna...

4.3CVSS6.4AI score0.0043EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-7946

Malware in sbrugna...

9CVSS9AI score0.01023EPSS

Exploits1References2