CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5782 matches found

Positive Technologies•added 2026/02/09 12:0 a.m.•9 views

PT-2026-7180

Name of the Vulnerable Software and Affected Versions vscode-spell-checker versions prior to 4.5.4 Description The vscode-spell-checker extension is susceptible to a workspace-trust bypass that can lead to code execution. The DocumentSettings. determineIsTrusted function incorrectly relies on the...

7.8CVSS6.2AI score0.00021EPSS

Exploits0References12

Cvelist•added 2026/02/09 12:0 a.m.•28 views

CVE-2025-63354

Hitron HI3120 v7.2.4.5.2b1 allows stored XSS via the Parental Control option when creating a new filter. The device fails to properly handle inputs, allowing an attacker to inject and execute JavaScript...

0.00036EPSS

Exploits0References1

RedhatCVE•added 2026/02/07 7:31 p.m.•3 views

CVE-2026-24903

OrcaStatLLM Researcher is an LLM Based Research Paper Generator. A Stored Cross-Site Scripting XSS vulnerability was discovered in the Log Message in the Session Page in OrcaStatLLM-Researcher that allows attackers to inject and execute arbitrary JavaScript code in victims' browsers through...

5.4CVSS5.8AI score0.00041EPSS

Exploits1References1

ATTACKERKB•added 2026/02/06 7:3 p.m.•4 views

CVE-2026-25647

Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier as used in SiYuan before has a Stored Cross-Site Scripting XSS vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks...

4.6CVSS5.5AI score0.00014EPSS

Exploits1References3Affected Software1

NVD•added 2026/02/06 6:15 p.m.•4 views

CVE-2026-24903

5.4CVSS0.00041EPSS

Exploits1References1

EUVD•added 2026/02/06 5:46 p.m.•4 views

EUVD-2026-5643

5.3CVSS5.8AI score0.00041EPSS

Exploits1References1

OSV•added 2026/02/06 5:46 p.m.•1 views

CVE-2026-24903 OrcaStatLLM Researcher Stored Cross-Site Scripting (XSS) via Log Message Injection in Session Page

5.3CVSS6AI score0.00041EPSS

Exploits1References3

Cvelist•added 2026/02/06 5:46 p.m.•24 views

CVE-2026-24903 OrcaStatLLM Researcher Stored Cross-Site Scripting (XSS) via Log Message Injection in Session Page

5.3CVSS0.00041EPSS

Exploits1References1

Vulnrichment•added 2026/02/06 4:41 p.m.•4 views

CVE-2019-25294 html5_snmp 1.11 - 'Remark' Persistent Cross-Site Scripting

html5snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in addrouteroperation.php. Attackers can craft a POST request with a script payload in the Remark field to execute arbitrary JavaScript in victi...

6.4CVSS5.4AI score0.00033EPSS

Exploits1References3

CVE•added 2026/02/06 4:41 p.m.•7 views

CVE-2019-25294

The vulnerability (CVE-2019-25294) affects html5_snmp 1.11. A persistent cross-site scripting flaw exists in add_router_operation.php via the Remark parameter. An attacker can send a crafted POST request containing a script payload in Remark, causing arbitrary JavaScript to execute in a victim’s ...

6.4CVSS5.4AI score0.00033EPSS

Exploits1References3Affected Software1

EUVD•added 2026/02/06 4:41 p.m.•6 views

EUVD-2019-19404

6.4CVSS5.4AI score0.00033EPSS

Exploits1References3

EUVD•added 2026/02/06 3:52 p.m.•5 views

EUVD-2025-206888

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

7.7CVSS5.7AI score0.00015EPSS

Exploits0References1

Veracode•added 2026/02/06 10:13 a.m.•6 views

Reflected DOM-based Cross-Site Scripting (XSS)

gi-docgen is vulnerable to a reflected DOM-based Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of user-supplied input in the q GET parameter, which allows an attacker to exploit it via a crafted URL to execute arbitrary JavaScript in the victim’s browser...

6.1CVSS5.9AI score0.00007EPSS

Exploits0References5Affected Software1

OSV•added 2026/02/06 7:16 a.m.•0 views

CVE-2026-0521

A reflected cross-site scripting XSS vulnerability in the PDF export functionality of the TYDAC AG MAP+ solution allows unauthenticated attackers to craft a malicious URL, that if visited by a victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered through...

6.1CVSS5.9AI score0.0003EPSS

Exploits1References2

CVE•added 2026/02/06 6:17 a.m.•9 views

CVE-2026-0521

CVE-2026-0521 is a reflected XSS in TYDAC AG MAP+ PDF export. Affects MAP+ 3.4.0; an unauthenticated attacker can craft a malicious URL that, when visited by a victim, executes arbitrary JavaScript in the victim’s context. Verified in MAP+: 3.4.0. Remediation: there is no confirmed fixed version ...

7.1CVSS5.4AI score0.0003EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/02/06 6:17 a.m.•3 views

CVE-2026-0521 Reflected Cross-Site Scripting in PDF Export Error Message

7.1CVSS5.4AI score0.0003EPSS

Exploits1References2

RedhatCVE•added 2026/02/06 1:26 a.m.•5 views

CVE-2025-70791

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...

6.1CVSS6AI score0.0002EPSS

Exploits1References1

RedhatCVE•added 2026/02/06 1:26 a.m.•6 views

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...

6.1CVSS6AI score0.0002EPSS

Exploits1References1

Positive Technologies•added 2026/02/06 12:0 a.m.•4 views

PT-2026-6678

Name of the Vulnerable Software and Affected Versions TYDAC AG MAP+ version 3.4.0 Description A reflected cross-site scripting XSS flaw exists in the PDF export functionality. This allows unauthenticated attackers to create a malicious URL. If a victim accesses this URL, arbitrary JavaScript code...

7.1CVSS5.2AI score0.0003EPSS

Exploits1References6

OSV•added 2026/02/05 6:30 p.m.•4 views

GHSA-5JG5-XQFW-RV92 Microweber has a Cross-site Scripting vulnerability

Cross-site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...

6.3CVSS6.2AI score0.0002EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by