CVE-2025-66606
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...
PT-2026-7054
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...
EUVD-2025-23979
Malicious code in bioql PyPI...
CVE-2025-54940
Summary of CVE-2025-54940: An HTML injection vulnerability exists in WordPress plugin Advanced Custom Fields prior to version 6.4.3. Attackers may have crafted HTML that is rendered, potentially tampering with page display. This vulnerability is evidenced across multiple feeds (NVD, RH, JVN, CNV...
WordPress WP Delicious Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress WP Delicious, which stems from improper input neutralization, and can be exploited by attackers to tamper with web...
GHSA-4542-P56H-8XWW Cross-Site Scripting (XSS) vulnerabilities in Neos
It has been discovered that Neos is vulnerable to several XSS attacks. Through these vulnerabilities, an attacker could tamper with page rendering, redirect victims to a fake login page, or capture user credentials such as cookies. With the potential backdoor upload an attacker could gain access ...
The vulnerability of the OpenID Connect Login service for the Keycloak identity and access management software allows a hacker to disclose protected information, alter the appearance of the web page, and perform phishing attacks.
The vulnerability of the OpenID Connect Login service for the Keycloak identity management and access control system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information, alter the...
The vulnerabilities of Firefox browsers, Firefox ESR, and the Thunderbird email client stem from the lack of measures taken to protect the structure of web pages. This allows attackers to disclose protected information, alter the appearance of web pages, and perform phishing attacks.
The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird exists due to the lack of security measures for protecting the structure of web pages. Exploiting this vulnerability allows a malicious actor to disclose protected information, alter the appearance of web...
Limbas Cross-Site Scripting Vulnerability
Limbas is a web-based enterprise software factory. A cross-site scripting vulnerability exists in Limbas version 4.3.36.1319, which can be exploited to execute malicious code, tamper with pages to perform phishing attacks, and trick users into logging in again and then obtaining their login...
WBCE CMS Cross-Site Scripting Vulnerability
WBCE CMS is a WBCB CMS forum that converts HTML to WBCB CMS templates. A cross-site scripting vulnerability exists in WBCE CMS version 1.5.2, which can be exploited by attackers to execute malicious code, tamper with pages to perform phishing attacks, and trick users into logging in again and then...
Jspxcms has an XSS vulnerability
Jspxcms is an open source, Java-based content management system (CMS). Jspxcms suffers from an XSS vulnerability, which is due to the system failing to strictly filter user input information. An attacker can exploit this vulnerability to insert XSS execution code to directly trigger pop-up window...
USN-3519-1 tomcat7, tomcat8 vulnerabilities
It was discovered that Tomcat incorrectly handled certain pipelined requests when sendfile was used. A remote attacker could use this issue to obtain wrong responses possibly containing sensitive information. (CVE-2017-5647) It was discovered that Tomcat incorrectly used the appropriate facade...
Cross-Site Request Forgery Vulnerability in ECshop
ECShop is a B2C independent online store system, suitable for enterprises and individuals to quickly build a personalized online store. The system is a cross-platform open source program built on the PHP language and a MySQL database. ECshop cross-site request forgery...
Reflective XSS cross-site scripting vulnerability in Youdiancms enterprise website management system
Youdiancms Enterprise Website Management System is an enterprise website building system developed by Changsha Youdian Software Technology Co. An XSS cross-site scripting vulnerability exists in the index.php/channel/search/ page of the Youdiancms enterprise website management system. An attacker...
NASA.gov Cross Site Scripting
Exploit Title: NASA.gov main-domain DOM-XSS Date: 01/04/2015 Author: Yann CAM - Georges TAUPIN @ Synetis - ASafety Vendor or Software Link: www.nasa.gov Version: / Category: DOM-XSS Google dork: Tested on: NASA.gov main-domain NASA description :...