CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5651 matches found

NVD•added 2026/05/19 11:16 p.m.•9 views

CVE-2026-8493

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting XSS. This issue affects Colorbox Inline: from 0.0.0 before 2.1.1...

5.4CVSS0.00177EPSS

Exploits0References1

Vulnrichment•added 2026/05/19 10:28 p.m.•5 views

CVE-2026-6871 Obfuscate - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-033

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Obfuscate allows Cross-Site Scripting XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.2...

5.8AI score0.00196EPSS

Exploits0References1

ATTACKERKB•added 2026/05/19 10:27 p.m.•6 views

CVE-2026-6365

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

5.8AI score0.00238EPSS

Exploits0References2Affected Software1

CVE•added 2026/05/19 10:26 p.m.•14 views

CVE-2026-6095

The CVE-2026-6095 issue affects Orejime (0.0.0 to 2.0.15) and is a Cross-site Scripting (XSS) vulnerability caused by Improper Neutralization of Input During Web Page Generation, specifically the IframeConsent element writing HTML attributes without escaping. This can allow malicious input to inj...

6.1CVSS5.8AI score0.00196EPSS

Exploits0References1Affected Software1

RedHat Linux•added 2026/05/19 9:22 a.m.•8 views

org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation

An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...

9.6CVSS7.3AI score0.09244EPSS

Exploits0References6

Vulnrichment•added 2026/05/18 8:54 a.m.•7 views

CVE-2026-7498 Stored XSS in Basamak Informatics' DernekWeb

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored XSS. This issue affects DernekWeb: through 30122025...

8.8CVSS5.8AI score0.00303EPSS

Exploits0References1

CVE•added 2026/05/18 8:54 a.m.•17 views

CVE-2026-7498

CVE-2026-7498 describes a Stored XSS in DernekWeb (Basamak Information Technology Consulting and Organization Trade Ltd. Co.) caused by improper neutralization of input during web page generation. Affected: DernekWeb up to 30122025. CVSSv3.1: 8.8 (HIGH) with NETWORK attack, NO privileges, UI requ...

8.8CVSS5.8AI score0.00303EPSS

Exploits0References1

Positive Technologies•added 2026/05/18 12:0 a.m.•8 views

PT-2026-41708

HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting XSS in the /police/WarningUrlPage.php endpoint due to improper neutralization of user-supplied input that uses alternate or obfuscated JavaScript syntax...

5.8AI score0.00195EPSS

Exploits1References4

EUVD•added 2026/05/18 12:0 a.m.•12 views

EUVD-2026-30782

6.1CVSS5.8AI score0.00195EPSS

Exploits1References3

Cvelist•added 2026/05/18 12:0 a.m.•42 views

CVE-2026-29965

0.00195EPSS

Exploits1References3

RedhatCVE•added 2026/05/15 7:57 p.m.•9 views

CVE-2026-42897

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...

8.1CVSS6AI score0.02509EPSS

Exploits1References1

RedhatCVE•added 2026/05/13 8:23 p.m.•9 views

CVE-2026-41610

Improper neutralization of input during web page generation 'cross-site scripting' in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

6.3CVSS5.8AI score0.00599EPSS

Exploits0References1

ATTACKERKB•added 2026/05/12 4:58 p.m.•3 views

CVE-2026-41610

Improper neutralization of input during web page generation 'cross-site scripting' in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

6.3CVSS5.8AI score0.00599EPSS

Exploits0References2Affected Software1

EUVD•added 2026/05/07 3:38 p.m.•14 views

EUVD-2026-28369

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2...

7.1CVSS5.8AI score0.00142EPSS

Exploits0References2

Microsoft CVE•added 2026/05/07 2:0 p.m.•7 views

Azure Machine Learning Notebook Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network...

8.8CVSS5.8AI score0.00579EPSS

Exploits0

NVD•added 2026/05/07 1:16 p.m.•9 views

CVE-2026-5784

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...

8.8CVSS0.00327EPSS

Exploits0References1

ATTACKERKB•added 2026/05/07 12:54 p.m.•4 views

CVE-2026-5784

8.8CVSS5.8AI score0.00327EPSS

Exploits0References2Affected Software1

EUVD•added 2026/05/07 12:31 p.m.•8 views

EUVD-2026-28349

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Gosoft Software Industry and Trade Ltd. Co. Proticaret E-Commerce allows Cross-Site Scripting XSS, Reflected XSS. This issue affects Proticaret E-Commerce: from v5.0.0 before V 6.0.1767.1383...

8.8CVSS5.8AI score0.00339EPSS

Exploits0References2

ATTACKERKB•added 2026/05/07 7:54 a.m.•6 views

CVE-2025-62127

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS. This issue affects WEN Logo Slider: from n/a through 3.4.0...

5.9CVSS5.8AI score0.00136EPSS

Exploits0References2

ATTACKERKB•added 2026/05/07 7:31 a.m.•4 views

CVE-2026-27421

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WProyal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a before 1.7.1053...

6.5CVSS5.8AI score0.00127EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by