CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added 7 hours ago•9 views

AffiliateImporterEb <= 1.0.6 - Reflected XSS

AffiliateImporterEb WordPress plugin through 1.0.6 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12732 info: name: AffiliateImporterEb =...

6.1CVSS5.8AI score0.00521EPSS

Exploits1References1

NVD•added yesterday•5 views

CVE-2026-52725

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component...

5.3CVSS0.00101EPSS

Nuclei•added yesterday•36 views

osTicket < 1.10.2 - Cross-Site Scripting

Cross-site scripting XSS vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. id: CVE-2018-7196 info: name: osTicket 1.10.2 - Cross-Site Scripting author: ritikchaddha severity: medium...

6.1CVSS6.5AI score0.02482EPSS

Exploits1References2

Nuclei•added yesterday•25 views

WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting

A cross-site scripting vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter. id: CVE-2013-4117 info: name: WordPress Plugin Category Grid View Gallery 2.3.1 -...

4.3CVSS5.9AI score0.12974EPSS

Exploits0References5

NVD•added 3 days ago•8 views

CVE-2026-56347

AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fields that execute for all site...

6.1CVSS

NVD•added 5 days ago•9 views

CVE-2026-22674

Hashgraph Guardian through 3.5.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users with the STANDARDREGISTRY role to inject malicious scripts by submitting a crafted companyName value via the branding configuration API endpoint. Attacke...

4.8CVSS

EUVD•added 5 days ago•7 views

EUVD-2026-37882

UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact attempts were...

5.1CVSS5.3AI score0.00293EPSS

SUSE CVE•added 5 days ago•5 views

SUSE CVE-2026-12459

Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

6.1CVSS5.5AI score0.00176EPSS

CVE•added 6 days ago•17 views

CVE-2026-48768

TypeBot (versions ≤ 3.16.1) exposes an unauthenticated generate-upload-url API (/api/blocks/file-input/v3/generate-upload-url) that uses unsanitized fileName to derive public S3 keys and issues presigned PUT URLs that do not bind Content-Type. This allows anonymous users of a published bot with a...

9.3CVSS5.4AI score0.00268EPSS

EUVD•added 6 days ago•7 views

EUVD-2026-37544

6.1CVSS5.5AI score0.00176EPSS

NVD•added 6 days ago•6 views

CVE-2026-35065

Dell PowerFlex Manager, versions Versions, contains a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure, Informatio...

8.8CVSS0.00334EPSS

Cvelist•added 6 days ago•16 views

CVE-2026-35069

Dell PowerFlex Manager, versions Versions, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection...

5.7CVSS0.0019EPSS

EUVD•added 6 days ago•6 views

EUVD-2026-37743

5.7CVSS5.7AI score0.0019EPSS

CVE•added 6 days ago•10 views

CVE-2026-35069

Dell PowerFlex Manager is affected by an SQL Injection due to improper neutralization of special elements. The issue affects Dell PowerFlex Manager versions unspecified in the document; an attacker with adjacent network access and low privileges could potentially trigger script injection. Documen...

8CVSS5.7AI score0.0019EPSS

Exploits0References1Affected Software1

Cvelist•added 6 days ago•29 views

CVE-2026-35065

8.8CVSS0.00334EPSS

NVD•added 6 days ago•5 views

CVE-2026-12463

Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

4.7CVSS0.00161EPSS