CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4532 matches found

OSSF Malicious Packages•added 2026/02/02 12:2 a.m.•5 views

Malicious code in hangimani (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4eb1b67eac28a42f372ecaaca274a28d15972e3cc8e063492f977364538e6c41 During importing the module, package downloads a second-stage code from GitHub, which then runs an infostealer. After that, the downloaded code is removed ---...

6AI score

Exploits0References3

OSV•added 2026/02/02 12:2 a.m.•2 views

MAL-2026-625 Malicious code in hangimani (PyPI)

6AI score

Exploits0References3

Packet Storm News•added 2026/02/02 12:0 a.m.•5 views

WordPress Blubrry PowerPress 6.0 Cross Site Scripting

A cross site scripting vulnerability exists in Blubrry PowerPress WordPress Plugin version 6.0. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

4.3CVSS5.2AI score0.00633EPSS

Exploits3

Packet Storm News•added 2026/02/02 12:0 a.m.•3 views

Flat Nuke 3.1.2 Cross Site Scripting

A cross site scripting vulnerability exists in Flat Nuke version 3.1.2. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score

Exploits0

Packet Storm News•added 2026/02/02 12:0 a.m.•2 views

Subrion CMS 3.2.2 Cross Site Scripting

A cross site scripting vulnerability exists in Subrion CMS version 3.2.2. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

4.3CVSS5.2AI score0.0033EPSS

Exploits1

Packet Storm News•added 2026/02/02 12:0 a.m.•2 views

SpiderFoot 2.7.1 Cross Site Scripting

Multiple reflected cross site scripting vulnerabilities exist in SpiderFoot version 2.7.1. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score

Exploits0

Packet Storm News•added 2026/02/02 12:0 a.m.•3 views

MailPoet Newsletters 2.6.19 Cross Site Scripting

A cross site scripting vulnerability exists in MailPoet Newsletters WordPress Plugin version 2.6.19. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

4.3CVSS5.2AI score0.00359EPSS

Exploits0

Packet Storm News•added 2026/02/02 12:0 a.m.•2 views

Storytlr 1.2.0 Cross Site Scripting

Multiple reflected cross site scripting vulnerabilities exist in Storytlr version 1.2.0. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score

Exploits0

Packet Storm News•added 2026/02/02 12:0 a.m.•3 views

TWiki 6.0.1 Cross Site Scripting

A cross site scripting vulnerability exists in TWiki version 6.0.1 via the QUERYSTRING parameter. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

4.3CVSS5.2AI score0.00336EPSS

Exploits2

OSV•added 2026/02/01 7:10 p.m.•3 views

MAL-2026-623 Malicious code in marshl (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e44ea5c8f70f7ca994880bf0bc0a6b2ffe444b3c57852ab81d0426fdbc8f6f22 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

5.9AI score

Exploits0References2

OSV•added 2026/02/01 1:15 p.m.•1 views

CVE-2022-50942

Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacki...

4.8CVSS6AI score

Exploits0References4

NVD•added 2026/02/01 1:15 p.m.•3 views

CVE-2022-50940

Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially...

6.4CVSS0.00136EPSS

Exploits0References3

Cvelist•added 2026/02/01 12:56 p.m.•27 views

CVE-2023-54343 QWE DL 2.0.1 Persistent XSS Vulnerability via Path Parameter

QWE DL 2.0.1 mobile web application contains a persistent input validation vulnerability allowing remote attackers to inject malicious script code through path parameter manipulation. Attackers can exploit the vulnerability to execute persistent cross-site scripting attacks, potentially leading t...

6.4CVSS0.00019EPSS

Exploits0References3

Cvelist•added 2026/02/01 12:15 p.m.•28 views

CVE-2022-50942 Incinga Web 2.8.2 Client-Side Cross-Site Scripting via EventListener

5.4CVSS0.00079EPSS

Exploits0References4

CVE•added 2026/02/01 12:15 p.m.•7 views

CVE-2022-50942

Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that enables attackers to inject scripts via the icinga.min.js file by exploiting EventListener.handleEvent. This can lead to session hijacking and non-persistent phishing attacks. The issue is described across multiple s...

5.4CVSS5.5AI score0.00079EPSS

Exploits0References4

ATTACKERKB•added 2026/02/01 12:15 p.m.•3 views

CVE-2022-50940

6.4CVSS6.1AI score0.00136EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/02/01 12:15 p.m.•1 views

CVE-2022-50797 Stripe Green Downloads Wordpress Plugin 2.03 Persistent XSS via Settings

Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and...

6.4CVSS5.5AI score0.00039EPSS

Exploits0References3

Vulnrichment•added 2026/02/01 12:15 p.m.•3 views

CVE-2021-47920 WebMO Job Manager 20.0 Cross-Site Scripting via Search Parameters

WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external...

5.4CVSS5.1AI score0.00019EPSS

Exploits0References3

ATTACKERKB•added 2026/02/01 12:15 p.m.•3 views

CVE-2022-50797

6.4CVSS6.1AI score0.00039EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/02/01 12:15 p.m.•27 views

CVE-2021-47917 Simple CMS 2.1 Persistent Cross-Site Scripting via User Input Parameters

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...

6.4CVSS0.00021EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by