CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

43 matches found

EUVD•added 2026/04/07 9:32 p.m.•2 views

EUVD-2026-19889

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows XSS Targeting Non-Script Elements.This issue affects...

6.9CVSS5.9AI score0.00067EPSS

Exploits0References3

NVD•added 2026/04/07 8:16 p.m.•3 views

CVE-2026-39840

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.1CVSS0.00033EPSS

Exploits1References2

Cvelist•added 2026/04/07 7:35 p.m.•13 views

CVE-2026-39840 CSS injection in multiple Cargo display formats

5.1CVSS0.00033EPSS

Exploits1References2

ATTACKERKB•added 2026/04/07 7:17 p.m.•4 views

CVE-2026-39838

6.9CVSS5.9AI score0.00067EPSS

Exploits0References3

Vulnrichment•added 2026/04/07 7:17 p.m.•2 views

CVE-2026-39838 ProofreadPage improperly sanitizes multiline styles using Sanitizer::checkCSS

6.9CVSS5.7AI score0.00067EPSS

Exploits0References2

Positive Technologies•added 2026/04/07 12:0 a.m.•3 views

PT-2026-30991

6.9CVSS5.9AI score0.00067EPSS

Exploits0References3

OSV•added 2026/03/18 8:19 p.m.•3 views

GHSA-QVC2-MG72-JJHX JustHTML Affected by Mutation XSS via Literal Text Serialization in Raw Text Elements (style/script)

Summary Sanitized DOM trees can be unsafe to serialize when a custom policy allows raw-text elements such as or . The issue affects DOM trees that are constructed or modified programmatically and then passed through sanitizedom with a policy that keeps these elements. Text nodes inside and are...

5.3CVSS5.8AI score

Exploits0References2

Snyk•added 2026/03/18 8:19 p.m.•4 views

Cross-site Scripting (XSS)

Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the serialization process of raw-text elements such as script and style when a custom sanitization policy retains these elements. An attacker can...

4.7CVSS5.8AI score

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-10858

Malware in sbrugna...

4.8CVSS5.5AI score0.00368EPSS

Exploits1References5

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2019-19226

Malware in sbrugna...

9.8CVSS9.5AI score0.00418EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-1094

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00739EPSS

Exploits1References8

RedHat Linux•added 2025/06/16 5:32 a.m.•3 views

firefox: thunderbird: Script element events leaked cross-origin resource status

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Script elements loading cross-origin resources generate load and error events which can leak information enabling XS-Leaks attacks...

4.3CVSS7.3AI score0.00434EPSS

Exploits0References6

RedHat Linux•added 2025/06/16 5:30 a.m.•4 views

firefox: thunderbird: Script element events leaked cross-origin resource status

4.3CVSS7.3AI score0.00434EPSS

Exploits0References6

RedHat Linux•added 2025/06/16 5:28 a.m.•3 views

firefox: thunderbird: Script element events leaked cross-origin resource status

4.3CVSS7.3AI score0.00434EPSS

Exploits0References6

RedHat Linux•added 2025/06/10 4:52 p.m.•1 views

firefox: thunderbird: Script element events leaked cross-origin resource status