CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added yesterday•2 views

CVE-2026-46392

8.7CVSS5.5AI score0.00089EPSS

Exploits3References2Affected Software1

Positive Technologies•added yesterday•4 views

PT-2026-47029

8.7CVSS5.5AI score

Positive Technologies•added 2026/05/26 12:0 a.m.•6 views

PT-2026-43301

Name of the Vulnerable Software and Affected Versions Twenty versions prior to 1.18.1 Description An issue exists in the file serving endpoints '/files/' and '/file/:fileFolder/:id' where uploaded files are served using fileStream.piperes without specifying Content-Type, Content-Disposition, or...

8.7CVSS5.8AI score0.00036EPSS

Exploits1References5

ATTACKERKB•added 2026/05/22 2:57 a.m.•4 views

CVE-2026-9053

Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...

8.2CVSS5.8AI score0.00055EPSS

Vulnrichment•added 2026/05/22 2:57 a.m.•3 views

CVE-2026-9053

Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...

8.2CVSS5.8AI score0.00055EPSS

Cvelist•added 2026/05/22 2:57 a.m.•32 views

CVE-2026-9053

Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...

8.2CVSS0.00055EPSS

Github Security Blog•added 2026/05/14 1:12 p.m.•5 views

Strapi Upload Plugin MIME Validation Bypass via Content API

Summary of CVE-2026-22707 Vulnerability Details - CVE: CVE-2026-22707 - CVSS v3.1 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N 5.3 — Medium - Affected Versions: @strapi/upload =5.33.3 Description of CVE-2026-22707 In Strapi versions prior to 5.33.3, the Upload plugin's...

5.4CVSS5.8AI score0.00034EPSS

Exploits0References3Affected Software1

NVD•added 2026/05/09 12:16 a.m.•8 views

CVE-2026-42455

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint POST /api/v1/archives/linkId?format=4 accepts HTML files text/html without sanitizing JavaScript content. When the archive i...

8.8CVSS0.00033EPSS

Cvelist•added 2026/05/08 11:10 p.m.•37 views

CVE-2026-42455 LinkWarden: Stored XSS via Client-Side Archive Upload (Unsanitized HTML served from same origin)

8.8CVSS0.00033EPSS

NVD•added 2026/04/27 4:16 p.m.•1 views

CVE-2026-41467

ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the file upload functionality where the checkValidFileName function fails to restrict HTML and HTM file uploads. Authenticated attackers can upload HTML files containing arbitrary JavaScript through the...

5.4CVSS0.00036EPSS

EUVD•added 2026/04/27 3:11 p.m.•0 views

EUVD-2026-25870

5.4CVSS5.1AI score0.00036EPSS

CVE•added 2026/04/27 3:11 p.m.•4 views

CVE-2026-41467

ProjeQtor versions 7.0–12.4.3 are affected by a stored XSS in the file upload flow. The checkValidFileName() function fails to restrict HTML/HTM uploads, allowing authenticated attackers to place HTML files containing arbitrary JavaScript via image upload or attachment endpoints. When any user ac...

5.4CVSS5.1AI score0.00036EPSS

CNNVD•added 2026/04/27 12:0 a.m.•4 views

ProjeQtOr 跨站脚本漏洞

ProjeQtOr is a project management software developed by the French company ProjeQtOr. Versions 7.0 to 12.4.3 of ProjeQtOr contain cross-site scripting vulnerabilities. These vulnerabilities stem from the lack of restrictions on the upload of HTML and HTM files through the checkValidFileName...

5.4CVSS5.6AI score0.00036EPSS

ATTACKERKB•added 2026/04/22 3:40 a.m.•1 views

CVE-2026-6835

The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML documents, which may result in a XSS-like effect...

6.1CVSS5.9AI score0.00035EPSS

Exploits0References3

CNNVD•added 2026/04/17 12:0 a.m.•4 views

Note Mark 安全漏洞

Note Mark is a web-based Markdown note-taking application developed by Leo Spratt. Versions of Note Mark prior to 0.19.1 contained security vulnerabilities. These vulnerabilities stemmed from the asset delivery handler’s inline handling of uploaded files and its reliance on magic bytes to detect...

8.7CVSS5.8AI score0.00012EPSS

Cvelist•added 2026/04/14 9:12 p.m.•16 views

CVE-2026-34161 Chamilo LMS: Stored XSS via Malicious File Upload in Social Post Attachments Leads to Arbitrary JavaScript Execution

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting XSS vulnerability exists in the social post attachment upload functionality, where an authenticated user can upload a malicious HTML file containing JavaScript via the...

5.1CVSS0.00012EPSS

CNNVD•added 2026/03/10 12:0 a.m.•2 views

Janitza UMG 96RM-E 24V和Janitza UMG 96RM-E 230V 安全漏洞

Both Janitza UMG 96RM-E 24V and Janitza UMG 96RM-E 230V are multi-functional power quality analyzers from the German company Janitza. There are security vulnerabilities associated with these devices. These vulnerabilities stem from improper assignment of permissions to web servers, which may allo...

6.5CVSS5.8AI score0.00042EPSS

Exploits0References5

Vulnrichment•added 2026/03/03 10:20 p.m.•3 views

CVE-2026-26272 HomeBox affected by Stored XSS via HTML/SVG Attachment Upload

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting XSS vulnerability exists in the item attachment upload functionality. The application does not properly validate or restrict uploaded file types, allowing an authenticated user to upload...

4.6CVSS5.8AI score0.00041EPSS