CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

58685 matches found

UbuntuCve•added 2026/05/14 6:16 a.m.•3 views

CVE-2026-6073

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to execute arbitrary JavaScript in other users' browsers due to improper input sanitization...

8.7CVSS6.1AI score0.00061EPSS

Exploits0References4

OSV•added 2026/05/14 6:16 a.m.•2 views

UBUNTU-CVE-2026-6073

8.7CVSS6.1AI score0.00061EPSS

Exploits0References5

UbuntuCve•added 2026/05/14 6:16 a.m.•4 views

CVE-2026-7377

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers d...

8.7CVSS6AI score0.00048EPSS

Exploits0References4

Debian CVE•added 2026/05/14 5:38 a.m.•9 views

CVE-2025-12669

Removed by vendor...

5.4CVSS5.8AI score0.0003EPSS

Exploits0

EUVD•added 2026/05/14 5:34 a.m.•3 views

EUVD-2026-30234

8.7CVSS6.1AI score0.00061EPSS

Exploits0References3

Vulnrichment•added 2026/05/14 5:34 a.m.•3 views

CVE-2026-6073 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

8.7CVSS6.1AI score0.00061EPSS

Exploits0References3

ATTACKERKB•added 2026/05/14 5:34 a.m.•5 views

CVE-2026-6073

8.7CVSS6.1AI score0.00061EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/14 5:33 a.m.•7 views

CVE-2026-7377 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

8.7CVSS6.1AI score0.00048EPSS

Exploits0References3

EUVD•added 2026/05/14 5:33 a.m.•3 views

EUVD-2026-30238

8.7CVSS6.1AI score0.00048EPSS

Exploits0References3

ATTACKERKB•added 2026/05/14 5:33 a.m.•3 views

CVE-2026-7377

8.7CVSS6.1AI score0.00048EPSS

Exploits0References4Affected Software1

EUVD•added 2026/05/14 5:33 a.m.•6 views

EUVD-2026-30240

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScript in other users' browsers due to improper input...

8.7CVSS6.1AI score0.00039EPSS

Exploits0References3

CVE•added 2026/05/14 5:33 a.m.•12 views

CVE-2026-7481

GitLab CVE-2026-7481 affects GitLab Enterprise Edition (EE) across all 16.4–18.x lines prior to specific patch releases. The issue is a Cross-site Scripting (XSS) flaw caused by improper input sanitization that could allow an authenticated user with developer-role permissions to cause arbitrary J...

8.7CVSS6.1AI score0.00039EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/14 5:33 a.m.•4 views

CVE-2026-7481 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

8.7CVSS6.1AI score0.00039EPSS

Exploits0References3

ATTACKERKB•added 2026/05/14 5:33 a.m.•6 views

CVE-2026-7481

8.7CVSS6.1AI score0.00039EPSS

Exploits0References4Affected Software1

EUVD•added 2026/05/14 3:27 a.m.•5 views

EUVD-2026-30215

The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the updategallerydata function and improper output escaping in the galleryinit function. The...

6.4CVSS6AI score0.00016EPSS

Exploits0References6

Tenable Nessus•added 2026/05/14 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-8388

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11,...

6.5CVSS5.8AI score0.00043EPSS

Exploits0References3

Tenable Nessus•added 2026/05/14 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-8336

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command's map function in a certain way, an authenticated user can...

7.7CVSS5.8AI score0.00082EPSS

Exploits0References2

Positive Technologies•added 2026/05/14 12:0 a.m.•4 views

PT-2026-41153

Summary A stored cross-site scripting vulnerability was identified in the image widget functionality. A user with the Editor role can configure an image widget link to use a javascript: URL payload. Because editors have permission to publish pages, the malicious widget can be published to the liv...

7.3CVSS5.8AI score

Exploits0References4

Positive Technologies•added 2026/05/14 12:0 a.m.•7 views

PT-2026-41019

Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can...

8.1CVSS5.9AI score0.00032EPSS

Exploits0References2

Tenable Nessus•added 2026/05/14 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-8389

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3. CVE-2026-8389 Note that Nessus relies on the presen...

8.8CVSS5.8AI score0.00016EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by