CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6398 matches found

NVD•added 2026/04/09 4:17 a.m.•1 views

CVE-2026-4429

The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'markername' and 'filecolorlist' shortcode attribute of the osmmapv3 shortcode in all versions up to and including 6.1.15. This is due to insufficient input sanitization and output escaping. This mak...

6.4CVSS0.00073EPSS

Exploits0References10

Cvelist•added 2026/04/09 2:25 a.m.•23 views

CVE-2026-4429 OSM <= 6.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marker_name' Shortcode Attribute

6.4CVSS0.00073EPSS

Exploits0References10

ATTACKERKB•added 2026/04/09 2:25 a.m.•0 views

CVE-2026-4429

6.4CVSS6.1AI score0.00073EPSS

Exploits0References11

CVE•added 2026/04/09 2:25 a.m.•5 views

CVE-2026-4429

CVE-2026-4429 concerns the WordPress plugin OSM – OpenStreetMap (vulnerable up to 6.1.15). The flaw is a Stored Cross‑Site Scripting via the [osm_map_v3] shortcode attributes, specifically marker_name and file_color_list , due to insufficient input sanitization and output escaping. With authentic...

6.4CVSS6.1AI score0.00073EPSS

Exploits0References10

SUSE Linux•added 2026/04/09 1:53 a.m.•2 views

Security update for the Linux Kernel (Live Patch 15 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.70 fixes various security issues The following security issues were fixed: CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689...

8.7CVSS6.6AI score0.00063EPSS

Exploits5References32

Positive Technologies•added 2026/04/09 12:0 a.m.•3 views

PT-2026-31701

Name of the Vulnerable Software and Affected Versions EnTech Taiwan PowerStrip versions up to and including 3.90.736 Description The pstrip64.sys driver in EnTech Taiwan PowerStrip allows local users to escalate privileges to SYSTEM via a crafted IOCTL request. This enables unprivileged users to...

7.8CVSS5.8AI score0.00015EPSS

Exploits1References10

Positive Technologies•added 2026/04/09 12:0 a.m.•4 views

PT-2026-31633

A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation,...

6.2AI score0.00015EPSS

Exploits0References4

OPENSUSE Linux•added 2026/04/09 12:0 a.m.•2 views

Security update for mapserver (moderate)

openSUSE security update: security update for mapserver ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20476-1 Rating: moderate References: bsc1260869 Cross-References: CVE-2026-33721 Affected Products: openSUSE Leap 16.0...

7.5CVSS5.9AI score0.003EPSS

Exploits1References1

Positive Technologies•added 2026/04/09 12:0 a.m.•1 views

PT-2026-31728

Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filter keyword parameter. Attackers can craft URLs containing JavaScript payloads in the filter keyword GET parameter of the...

6.1CVSS6.2AI score0.00042EPSS

Exploits0References5

SUSE CVE•added 2026/04/08 11:25 p.m.•2 views

SUSE CVE-2026-32288

tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...

4.3CVSS5.8AI score0.00004EPSS

Exploits0References9

EUVD•added 2026/04/08 9:33 p.m.•3 views

EUVD-2026-20645

The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4CVSS6.1AI score0.00046EPSS

Exploits0References7

NVD•added 2026/04/08 9:17 p.m.•1 views

CVE-2026-5451

6.4CVSS0.00046EPSS

Exploits0References6

CVE•added 2026/04/08 8:25 p.m.•5 views

CVE-2026-5451

CVE-2026-5451 affects the WordPress plugin Extensions for Leaflet Map . The vulnerability is a stored XSS via the elevation-track shortcode in all versions up to and including 4.14, caused by insufficient input sanitization and output escaping on user-supplied attributes. An attacker with Contrib...

6.4CVSS6.1AI score0.00046EPSS

Exploits0References6

ATTACKERKB•added 2026/04/08 8:25 p.m.•0 views

CVE-2026-5451

6.4CVSS6.1AI score0.00046EPSS

Exploits0References7

Cvelist•added 2026/04/08 8:25 p.m.•18 views

CVE-2026-5451 Extensions for Leaflet Map <= 4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'elevation-track' Shortcode

6.4CVSS0.00046EPSS

Exploits0References6

Vulnrichment•added 2026/04/08 8:25 p.m.•1 views

CVE-2026-5451 Extensions for Leaflet Map <= 4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'elevation-track' Shortcode

6.4CVSS6.1AI score0.00046EPSS

Exploits0References6

EUVD•added 2026/04/08 9:31 a.m.•1 views

EUVD-2026-20307

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through = 3.4.4...

5.9AI score0.00039EPSS

Exploits0References2

NVD•added 2026/04/08 9:16 a.m.•1 views

CVE-2026-39646

6.5CVSS0.00039EPSS

Exploits0References1

Cvelist•added 2026/04/08 8:30 a.m.•18 views

CVE-2026-39646 WordPress Leaflet Map plugin <= 3.4.4 - Cross Site Scripting (XSS) vulnerability

6.5CVSS0.00039EPSS

Exploits0References1

Vulnrichment•added 2026/04/08 8:30 a.m.•1 views

CVE-2026-39646 WordPress Leaflet Map plugin <= 3.4.4 - Cross Site Scripting (XSS) vulnerability