7641 matches found

Positive Technologies
added 2026/02/01 12:0 a.m., 7 views

PT-2026-5564

Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks...

CVSS 6.4, AI score 6.1, EPSS 0.00288
Exploits: 1, References: 4
CNNVD
added 2026/02/01 12:0 a.m., 5 views

PHPSUGAR PHP Melody cross-site scripting vulnerability

PHPSUGAR PHP Melody is a content management system developed by PHPSUGAR. The PHPSUGAR PHP Melody 3.0 version has a cross-site scripting vulnerability. This vulnerability stems from the submitted parameter in the edit-video.php file, which has a persistent cross-site scripting vulnerability. This...

CVSS 6.4, AI score 5.7, EPSS 0.00303
Exploits: 1, References: 4
Positive Technologies
added 2026/02/01 12:0 a.m., 5 views

PT-2026-5574

QWE DL 2.0.1 mobile web application contains a persistent input validation vulnerability allowing remote attackers to inject malicious script code through path parameter manipulation. Attackers can exploit the vulnerability to execute persistent cross-site scripting attacks, potentially leading t...

CVSS 6.4, AI score 6, EPSS 0.00305
Exploits: 0, References: 4
Positive Technologies
added 2026/02/01 12:0 a.m., 6 views

PT-2026-5558

PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation...

CVSS 6.4, AI score 5.9, EPSS 0.00217
Exploits: 1, References: 5
NVD
added 2026/01/30 5:16 p.m., 3 views

CVE-2020-37003

Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple address input fields like full name, company, and address to execute persistent script code that...

CVSS 6.4, EPSS 0.00252
Exploits: 0, References: 5
UbuntuCve
added 2026/01/30 5:16 p.m., 3 views

CVE-2020-37014

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...

CVSS 6.4, AI score 6, EPSS 0.00311
Exploits: 0, References: 7
ATTACKERKB
added 2026/01/30 4:16 p.m., 6 views

CVE-2020-37022

OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module's name and description parameters. Attackers can inject malicious scripts through POST requests to , enabling session hijacking and manipulation of application modules...

CVSS 6.4, AI score 5.8, EPSS 0.00252
Exploits: 0, References: 5
Vulnrichment
added 2026/01/30 4:16 p.m., 5 views

CVE-2020-37014 Tryton 5.4 - Persistent Cross-Site Scripting

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...

CVSS 6.4, AI score 5.9, EPSS 0.00311
Exploits: 0, References: 5
ATTACKERKB
added 2026/01/30 4:16 p.m., 6 views

CVE-2020-37003

Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple address input fields like full name, company, and address to execute persistent script code that...

CVSS 6.4, AI score 6, EPSS 0.00252
Exploits: 0, References: 5
EUVD
added 2026/01/30 4:16 p.m., 4 views

EUVD-2020-30961

Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple address input fields like full name, company, and address to execute persistent script code that...

CVSS 6.4, AI score 6, EPSS 0.00252
Exploits: 0, References: 5
Cvelist
added 2026/01/30 4:16 p.m., 29 views

CVE-2020-37003 Sellacious eCommerce 4.6 - Persistent Cross-Site Scripting

Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple address input fields like full name, company, and address to execute persistent script code that...

CVSS 6.4, EPSS 0.00252
Exploits: 0, References: 5
CVE
added 2026/01/30 4:16 p.m., 15 views

CVE-2020-36966

CVE-2020-36966 affects Dolibarr 11.0.3: a persistent XSS in LDAP synchronization (/dolibarr/admin/ldap.php) allows injection via host, slave, and port parameters, enabling arbitrary JavaScript execution and potential cookie theft. Public sources describe the vulnerability; no patch details are pr...

CVSS 6.4, AI score 6, EPSS 0.00244
Exploits: 0, References: 3
Cvelist
added 2026/01/30 4:16 p.m., 32 views

CVE-2020-36998 forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting

Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. Attackers can inject malicious scripts in course code, name, description fields, and email parameter to execute arbitrary JavaScript without proper input...

CVSS 6.4, EPSS 0.00252
Exploits: 0, References: 4
Positive Technologies
added 2026/01/30 12:0 a.m., 8 views

PT-2026-5413

Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. Attackers can inject malicious scripts in course code, name, description fields, and email parameter to execute arbitrary JavaScript without proper input...

CVSS 6.4, AI score 6, EPSS 0.00252
Exploits: 0, References: 5
Packet Storm News
added 2026/01/30 12:0 a.m., 6 views

Semantic-Aware Advanced Persistent Threat Detection Using Autoencoders on LLM-Encoded System Logs

Advanced Persistent Threats (APTs) are among the most challenging cyberattacks to detect. They are carried out by highly skilled attackers who carefully study their targets and operate in a stealthy, long-term manner. Because APTs exhibit "low-and-slow" behavior, traditional statistical methods and...

AI score 5.4
Exploits: 0
ATTACKERKB
added 2026/01/29 2:28 p.m., 3 views

CVE-2020-37018

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing...

CVSS 6.4, AI score 5.9, EPSS 0.0024
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2026/01/29 2:28 p.m., 9 views

CVE-2020-37018

CVE-2020-37018 affects GOautodial 4.0: a persistent cross-site scripting (XSS) vulnerability allows authenticated agents to inject malicious scripts via message subjects. Crafted messages with embedded JavaScript can execute when an administrator reads the message, potentially leaking session cook...

CVSS 6.4, AI score 5.9, EPSS 0.0024
Exploits: 0, References: 3
CNNVD
added 2026/01/29 12:0 a.m., 5 views

GOautodial cross-site scripting vulnerability

GOautodial is an open-source next-generation omnichannel contact center suite developed by GOautodial. Version 4.0 of GOautodial contains a cross-site scripting vulnerability. This vulnerability arises because authenticated proxies can inject malicious scripts through message subjects, potentiall...

CVSS 6.4, AI score 5.6, EPSS 0.0024
Exploits: 0, References: 3
NCSC
added 2026/01/28 3:46 p.m., 19 views

Vulnerabilities fixed in Fortinet products

Fortinet has fixed vulnerabilities in FortiOS, FortiProxy, FortiWeb and FortiSwitchManager. The vulnerabilities allow unauthenticated attackers to gain access to systems by using various techniques, including bypassing FortiCloud SSO login authentication via specially crafted SAML messages,...

CVSS 9.8, AI score 7.6, EPSS 0.65825
Exploits: 1, References: 9
Veracode
added 2026/01/28 8:31 a.m., 11 views

Arbitrary File Write

Shopware is vulnerable to Arbitrary file write. The vulnerability is due to insufficient validation of uploaded plugin files, which allows an attacker to write files to arbitrary directories and upload a PHP shell, resulting in persistent shell access on on-premises installations...

AI score 6
Exploits: 0