CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/28 12:0 a.m.•6 views

rustfs 安全漏洞

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to 1.0.0-beta.2 contained a security vulnerability. This vulnerability arises when RUSTFSCORSALLOWEDORIGINS is not set; in such cases, ConditionalCorsLayer reflects the Origin value and sets a relaxed...

6CVSS5.8AI score0.00015EPSS

CNNVD•added 2026/05/27 12:0 a.m.•6 views

WordPress plugin Felan Framework 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

7.1CVSS5.7AI score0.00036EPSS

CNNVD•added 2026/05/27 12:0 a.m.•5 views

WordPress plugin Gutenverse 跨站脚本漏洞

6.1CVSS5.7AI score0.00089EPSS

Snyk•added 2026/05/26 11:47 p.m.•5 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the REST API search and collection query endpoints. An attacker can execute arbitrary methods on model objects by supplying crafted queries, potentiall...

8.8CVSS6AI score

Exploits0References2

GithubExploit•added 2026/05/26 11:45 a.m.•42 views

XSSaudit

XSSAudit v2.0 — Advanced XSS Vulnerability Scanner For au...

6AI score

Exploits0

OSV•added 2026/05/23 12:8 a.m.•3 views

GHSA-W4G9-MXGG-J532 Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification

Summary nezha's dashboard supports two user roles: RoleAdmin Role==0 and RoleMember Role==1. The notification routes POST /api/v1/notification and PATCH /api/v1/notification/:id are wired through commonHandler rather than adminHandler — so a RoleMember user can call them. These handlers...

8.5CVSS5.8AI score

CNNVD•added 2026/05/21 12:0 a.m.•5 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the frmaddstr POST parameter in the ics214.php file, allowing uncleane...

5.4CVSS5.8AI score0.00029EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux, bluez

In the Bluetooth Core Specification 2.1 through 5.2, Bluetooth LE and BR/EDR secure pairing mechanisms may allow a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflecting the public key and the authentication evidence of...

4.3CVSS6.8AI score0.00034EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в zabbix

The endpoint /zabbix.php?action=export.valuemaps is vulnerable to a Cross-Site Scripting attack due to the backurl parameter. This vulnerability arises from the reflection of user-provided data without proper HTML escaping or output encoding. As a result, a JavaScript payload may be injected into...

7.5CVSS7.3AI score0.00142EPSS

Exploits0References2

EUVD•added 2026/05/20 1:25 a.m.•7 views

EUVD-2026-31024

The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Parameter in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1CVSS6AI score0.00089EPSS

Cvelist•added 2026/05/20 1:25 a.m.•31 views

CVE-2026-8626 SponsorMe <= 0.5.2 - Reflected Cross-Site Scripting via PHP_SELF Parameter

6.1CVSS0.00089EPSS

Positive Technologies•added 2026/05/20 12:0 a.m.•8 views

PT-2026-42083

Name of the Vulnerable Software and Affected Versions SponsorMe versions prior to 0.5.3 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts into pages. This occurs when a user is tricked into clicking a crafted link. The...

6.1CVSS5.9AI score0.00089EPSS

Exploits0References6

CNNVD•added 2026/05/20 12:0 a.m.•6 views

Beyaz CityPLus 跨站脚本漏洞

Beyaz CityPLus is a comprehensive management information system developed by the Turkish company Beyaz. Versions of Beyaz CityPLus prior to V24.29750.1.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input during the web page generation process, and coul...

7.6CVSS5.7AI score0.00037EPSS

CNNVD•added 2026/05/20 12:0 a.m.•7 views

WordPress plugin VatanSMS WP SMS 跨站脚本漏洞

6.1CVSS5.6AI score0.00095EPSS

CNNVD•added 2026/05/20 12:0 a.m.•6 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of Tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting vulnerability in the search.php file. It...

CNNVD•added 2026/05/20 12:0 a.m.•6 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting flaw in the dounitmail.php file. It could...

CNNVD•added 2026/05/20 12:0 a.m.•5 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting vulnerability in the single.php file. It...

CNNVD•added 2026/05/20 12:0 a.m.•7 views

tickets 跨站脚本漏洞