CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/03/30 7:43 p.m.•2 views

CVE-2026-32275 Tautulli: Unsanitized JSONP callback parameter allows cross-origin script injection and API key theft

7.4CVSS5.8AI score0.00026EPSS

Cvelist•added 2026/03/30 7:43 p.m.•19 views

CVE-2026-32275 Tautulli: Unsanitized JSONP callback parameter allows cross-origin script injection and API key theft

7.4CVSS0.00026EPSS

EUVD•added 2026/03/30 6:31 p.m.•3 views

EUVD-2026-17096

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addcategory.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HT...

EUVD•added 2026/03/30 6:31 p.m.•2 views

EUVD-2026-17099

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addsupplier.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HT...

NVD•added 2026/03/30 5:16 p.m.•0 views

CVE-2026-26352

Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPNIP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes whe...

5.4CVSS0.00039EPSS

Exploits0References2

NVD•added 2026/03/30 4:16 p.m.•3 views

CVE-2026-30556

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via...

6.1CVSS0.00021EPSS

NVD•added 2026/03/30 3:16 p.m.•3 views

CVE-2026-30565

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the viewsupplier.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or...

6.1CVSS0.00066EPSS

RedhatCVE•added 2026/03/30 5:0 a.m.•4 views

CVE-2026-2602

The Twentig plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'featuredImageSizeWidth' parameter in versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS6AI score0.00043EPSS

Exploits0References1

Vulnrichment•added 2026/03/30 12:0 a.m.•2 views

CVE-2026-30559

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addsales.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML...

Vulnrichment•added 2026/03/30 12:0 a.m.•2 views

CVE-2026-30556

Positive Technologies•added 2026/03/30 12:0 a.m.•4 views

PT-2026-29040

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add customer.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or...

Positive Technologies•added 2026/03/30 12:0 a.m.•1 views

PT-2026-29033

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view customers.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script ...

6.1CVSS6AI score0.00066EPSS

RedhatCVE•added 2026/03/27 2:24 p.m.•7 views

CVE-2021-27678

Cross-site scripting XSS vulnerability in Snippets in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name...

5.4CVSS5.9AI score0.0014EPSS

Vulnrichment•added 2026/03/27 12:0 a.m.•3 views

CVE-2026-30568

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0 in in the viewpurchase.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...

6AI score0.00019EPSS

CVE•added 2026/03/27 12:0 a.m.•6 views

CVE-2026-30568

CVE-2026-30568 affects SourceCodester Inventory System 1.0. The vulnerability is a Reflected XSS in the file view_purchase.php, exploitable via the limit parameter where user input is not properly sanitized. An attacker can craft a URL to inject arbitrary script/HTML, potentially compromising use...

4.8CVSS6AI score0.00019EPSS

Exploits1References1Affected Software1

Cvelist•added 2026/03/27 12:0 a.m.•22 views

CVE-2026-30567

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the viewproduct.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...

0.00021EPSS

Vulnrichment•added 2026/03/27 12:0 a.m.•1 views

CVE-2026-30571

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the viewcategory.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...

Positive Technologies•added 2026/03/27 12:0 a.m.•3 views

PT-2026-28411

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Inventory System 1.0 in the view sales.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...