CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

81 matches found

Vulnrichment•added 2026/05/18 12:0 a.m.•8 views

CVE-2026-29964

HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting XSS vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaScript syntax. The endpoint reflects unsanitized user input in HTTP responses without adequate output...

6.2AI score0.00042EPSS

Exploits1References3

EUVD•added 2026/05/18 12:0 a.m.•9 views

EUVD-2026-30784

6.1CVSS6.2AI score0.00042EPSS

Exploits1References3

CVE•added 2026/05/17 12:11 p.m.•8 views

CVE-2018-25331

CVE-2018-25331 affects Zenar Content Management System. The vulnerability is a Cross-Site Scripting (XSS) in the ajax.php endpoint, where unsanitized user input is reflected in the response. Exploitation is possible via POST parameters (notably the current_page parameter), enabling unauthenticate...

6.1CVSS5.9AI score0.00095EPSS

Exploits0References4

EUVD•added 2026/05/11 6:31 p.m.•6 views

EUVD-2026-29057

Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /product/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

5.1CVSS6AI score0.00062EPSS

Exploits0References2

Cvelist•added 2026/05/11 2:26 p.m.•25 views

CVE-2026-3319 Multiple vulnerabilities in Cradle e-commerce

Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

5.1CVSS0.00062EPSS

Exploits0References1

Positive Technologies•added 2026/05/11 12:0 a.m.•6 views

PT-2026-39619

5.1CVSS6AI score0.00062EPSS

Exploits0References2

CNNVD•added 2026/05/11 12:0 a.m.•4 views

Cradle eCommerce 跨站脚本漏洞

Cradle eCommerce is an e-commerce platform developed by Cradle Corporation, which integrates content management and online shopping features. Cradle eCommerce has a cross-site scripting vulnerability. This vulnerability arises from insecurely reflecting user-controlled inputs at endpoints/product...

5.1CVSS5.9AI score0.00062EPSS

Exploits0References1

Positive Technologies•added 2026/05/11 12:0 a.m.•6 views

PT-2026-39618

Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

5.1CVSS6AI score0.00062EPSS

Exploits0References2

CNNVD•added 2026/05/11 12:0 a.m.•3 views

Cradle eCommerce 跨站脚本漏洞

5.1CVSS5.9AI score0.00062EPSS

Exploits0References1

Github Security Blog•added 2026/05/07 7:34 p.m.•3 views

FacturaScripts vulnerable to Reflected Cross-Site Scripting (XSS) via Cookie Manipulation

Summary A Reflected Cross-Site Scripting XSS vulnerability exists in the fsNick cookie parameter. The application reflects the cookie's value directly into the HTML without sanitization. Details The fsNick cookie is rendered into the DOM without encoding. While the server does reject the modified...

3.9CVSS5.9AI score0.00018EPSS

Exploits0References4Affected Software1

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в zabbix

The endpoint /zabbix.php?action=export.valuemaps is vulnerable to a Cross-Site Scripting attack due to the backurl parameter. This vulnerability arises from the reflection of user-provided data without proper HTML escaping or output encoding. As a result, a JavaScript payload may be injected into...

7.5CVSS7.3AI score0.00142EPSS

Exploits0References2

NVD•added 2026/04/27 9:16 p.m.•3 views

CVE-2026-29971

A reflected cross-site scripting XSS vulnerability exists in WebFileSys version before 2.32.0 and fixed in v.2.32.0. User-controlled input is reflected into HTML and JavaScript contexts without proper output encoding, allowing arbitrary JavaScript execution in the victim's browser via the ftpBack...

6.1CVSS0.00025EPSS

Exploits3References2

Cvelist•added 2026/04/27 12:0 a.m.•26 views

CVE-2026-29971

0.00025EPSS

Exploits3References2

CVE•added 2026/04/21 7:21 p.m.•6 views

CVE-2026-40878

CVE-2026-40878 affects mailcow: dockerized prior to 2026-03b. The web interface passes raw $_SERVER['REQUEST_URI'] to Twig as a global variable and renders it inside a JavaScript string in setLang(), relying on Twig’s HTML escaping rather than JS escaping. Additionally, the query_string() Twig he...

2.1CVSS5.8AI score0.02959EPSS

Exploits0References1

NVD•added 2026/04/21 3:16 p.m.•2 views

CVE-2026-31013

Dovestones Softwares ADPhonebook 4.0.1.1 has a reflected cross-site scripting XSS vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of...

6.1CVSS0.00043EPSS

Exploits0References2

Cvelist•added 2026/04/21 12:0 a.m.•25 views

CVE-2026-31013

0.00043EPSS

Exploits0References2

EUVD•added 2026/04/16 12:31 p.m.•0 views

EUVD-2024-55545

The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input parameters, which are then executed by the victim's browser. Successful exploitation can enable an...

6.1CVSS5.8AI score0.00013EPSS

Exploits0References2

Positive Technologies•added 2026/04/16 12:0 a.m.•1 views

PT-2026-33302

6.1CVSS5.8AI score0.00013EPSS

Exploits0References2

Snyk•added 2026/04/07 9:0 p.m.•4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ?describe page when user-supplied input is reflected in the response without proper sanitization. An attacker can execute JavaScript in the context of a victim's browser by convincing the user to click a...

6.1CVSS5.6AI score0.00359EPSS

Exploits0References2

Vulnrichment•added 2026/04/03 11:43 p.m.•0 views

CVE-2026-34767 Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3, apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via...

5.9CVSS5.8AI score0.00011EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by