CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5941 matches found

Positive Technologies•added 2026/06/03 12:0 a.m.•15 views

PT-2026-46118

Name of the Vulnerable Software and Affected Versions Docling versions 2.82.0 through 2.90.x Description When the HTML backend is explicitly configured for rendering, the Playwright-based rendering feature allows JavaScript execution and unrestricted network access during the processing of...

8.2CVSS6.7AI score0.00162EPSS

Exploits0References5

EUVD•added 2026/06/03 12:0 a.m.•9 views

EUVD-2026-34156

A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails to properly sanitize or encode HTML/JavaScript payloads generated by the AI model. When a user switches to the 'Preview' tab to view AI-generated code, the malicious payload is...

6.3CVSS6AI score0.0027EPSS

Exploits0References2

Cvelist•added 2026/06/03 12:0 a.m.•39 views

CVE-2026-39107

0.0027EPSS

Exploits0References2

Positive Technologies•added 2026/06/03 12:0 a.m.•8 views

PT-2026-46005

Name of the Vulnerable Software and Affected Versions Kimi AI version 1.0 Description A Cross Site Scripting issue exists in the 'Preview' feature of the web interface. The application does not properly sanitize or encode HTML or JavaScript payloads produced by the AI model. When a user accesses...

6.3CVSS6.1AI score0.0027EPSS

Exploits0References4

CVE•added 2026/06/03 12:0 a.m.•20 views

CVE-2026-39107

CVE-2026-39107 affects the Kimi AI v1.0 web interface, specifically the Preview feature. The issue is a Cross Site Scripting vulnerability where HTML/JavaScript payloads generated by the AI model are not properly sanitized or encoded, causing the payload to be rendered into the DOM when users vie...

6.3CVSS6AI score0.0027EPSS

Exploits0References2

RedhatCVE•added 2026/06/02 10:2 p.m.•12 views

CVE-2026-24754

Kiteworks is a private data network PDN. Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

5.4CVSS6.1AI score0.00136EPSS

Exploits0References1

NVD•added 2026/06/02 3:16 a.m.•11 views

CVE-2026-10510

Cross-Site Scripting XSS in GeniexWebView component in Transsion AI Assistant Lifestyle application com.transsion.aiassistantlifestyle all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted webactiondata URL parameter...

6.1CVSS0.00155EPSS

Exploits0References1

EUVD•added 2026/06/02 1:56 a.m.•11 views

EUVD-2026-33874

6.1CVSS6.1AI score0.00155EPSS

Exploits0References1

NVD•added 2026/06/01 11:16 p.m.•16 views

CVE-2026-24754

5.4CVSS0.00136EPSS

Exploits0References1

CVE•added 2026/06/01 9:46 p.m.•17 views

CVE-2026-24754

CVE-2026-24754 affects Kiteworks, where a stored XSS vulnerability exists in Secure Data Forms prior to version 9.3.0. An authenticated attacker could execute arbitrary JavaScript in other users’ sessions. The issue is mitigated by upgrading to Kiteworks version 9.3.0 or later, which provides a p...

5.4CVSS6.1AI score0.00136EPSS

Exploits0References1Affected Software1

NVD•added 2026/06/01 1:16 p.m.•18 views

CVE-2026-9308

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was...

5.4CVSS0.00157EPSS

Exploits0References2

ATTACKERKB•added 2026/06/01 11:24 a.m.•7 views

CVE-2026-9309

Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...

5.4CVSS6AI score0.00157EPSS

Exploits0References3

Vulnrichment•added 2026/06/01 11:24 a.m.•8 views

CVE-2026-9309 Arbitrary JavaScript execution in internal pages via Reader View JSON-LD injection

6AI score0.00157EPSS

Exploits0References2

CVE•added 2026/06/01 11:24 a.m.•15 views

CVE-2026-9309

CVE-2026-9309 affects Firefox for iOS Reader View. The issue is improper escaping of HTML tags in JSON-LD metadata, enabling a malicious page to inject markup that leaks sensitive URL parameters and could lead to arbitrary JavaScript execution in an internal origin. Impact is described as access ...

5.4CVSS6AI score0.00157EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/06/01 11:24 a.m.•31 views

CVE-2026-9309 Arbitrary JavaScript execution in internal pages via Reader View JSON-LD injection

0.00157EPSS

Exploits0References2

CVE•added 2026/06/01 11:24 a.m.•26 views

CVE-2026-9308

CVE-2026-9308 affects Firefox for iOS Reader View. The issue occurs when HTML templates are processed before internal placeholders are replaced, allowing a malicious page to substitute a placeholder with JSON-LD data and potentially execute arbitrary JavaScript. The fix is in Firefox for iOS 151....

5.4CVSS5.9AI score0.00157EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/06/01 11:24 a.m.•29 views

CVE-2026-9308 Arbitrary JavaScript execution in Reader View due to wrong HTML replacement order

0.00157EPSS

Exploits0References2

EUVD•added 2026/06/01 11:24 a.m.•8 views

EUVD-2026-33629

5.4CVSS5.9AI score0.00157EPSS

Exploits0References2

Vulnrichment•added 2026/06/01 11:24 a.m.•9 views

CVE-2026-9308 Arbitrary JavaScript execution in Reader View due to wrong HTML replacement order