CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/02/12 8:49 a.m.•5 views

CVE-2025-41117 XSS in Grafana Explore stack trace

6.8CVSS5.5AI score0.0024EPSS

CNNVD•added 2026/02/12 12:0 a.m.•3 views

Grafana 安全漏洞

Grafana is a set of open-source monitoring tools developed by Grafana Open Source, which provide a visual monitoring interface. This tool is primarily used for monitoring and analyzing Graphite, InfluxDB, and Prometheus. Grafana has a security vulnerability, where stack traces in the Explore Trac...

6.8CVSS5.8AI score0.0024EPSS

ATTACKERKB•added 2026/02/11 9:5 a.m.•5 views

CVE-2025-13648

An attacker with access to the web application ZeusWeb of the provider Microcom in this case, registration is required who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Name’ and “Surname” parameters within the ‘My Account’ section at the...

4.8CVSS5.7AI score0.00227EPSS

Exploits0References5Affected Software1

RedhatCVE•added 2026/02/11 7:30 a.m.•2 views

CVE-2026-24325

SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting XSS vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets executed when the user visits the compromised page.Th...

CNNVD•added 2026/02/11 12:0 a.m.•23 views

Statamic 跨站脚本漏洞

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows for storing all content, templates, assets, and settings in files rather than in a database. Versions of Statamic 6.0.0 to 6.2.3 had a cross-site scripting vulnerability, which originated from stored cross-site...

8.7CVSS5.7AI score0.00293EPSS

Exploits0References3

OSV•added 2026/02/10 7:16 a.m.•5 views

CVE-2026-2099

AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

5.4CVSS5.8AI score0.00165EPSS

NVD•added 2026/02/10 7:16 a.m.•5 views

CVE-2026-2099

5.4CVSS0.00165EPSS

CVE•added 2026/02/10 7:9 a.m.•10 views

CVE-2026-2099

CVE-2026-2099 concerns AgentFlow by Flowring, which presents a Stored Cross-Site Scripting (XSS) vulnerability. Authe nticated remote attackers can inject persistent JavaScript that executes in users’ browsers when the page loads. Current metrics (TW CERT references) indicate a MEDIUM severity wi...

5.4CVSS5.5AI score0.00165EPSS

Exploits0References2Affected Software1

NVD•added 2026/02/10 4:16 a.m.•7 views

CVE-2026-24325

4.8CVSS0.00185EPSS

Vulnrichment•added 2026/02/10 3:4 a.m.•3 views

CVE-2026-24325 Cross Site Scripting (XSS) vulnerability in SAP BusinessObjects Enterprise (Central Management Console)

CVE•added 2026/02/10 3:4 a.m.•9 views

CVE-2026-24325

SAP BusinessObjects Enterprise contains a Stored XSS flaw due to insufficient encoding of user-controlled inputs. An admin user could inject JavaScript that executes when visiting the affected page. The issue has a CVSS v3.1 base score of 4.8 (Medium) with Network access, Low confidentiality and ...

Exploits0References2Affected Software1

Positive Technologies•added 2026/02/10 12:0 a.m.•5 views

PT-2026-7224

Positive Technologies•added 2026/02/09 12:0 a.m.•5 views

Exploits0References3

PT-2026-7117

Hitron HI3120 v7.2.4.5.2b1 allows stored XSS via the Parental Control option when creating a new filter. The device fails to properly handle inputs, allowing an attacker to inject and execute JavaScript...

5.5AI score0.00151EPSS

RedhatCVE•added 2026/02/07 7:30 p.m.•5 views

CVE-2025-13523

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

7.7CVSS5.7AI score0.00189EPSS