CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1123494 matches found

CVE-2026-40545 Reflected XSS in SOPlanning

SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue affects SOPlanning version 1.55 and below...

5.1CVSS6AI score0.00101EPSS

Exploits0References2

EUVD•added last week•11 views

EUVD-2026-33610

SOPlanning is vulnerable to Stored Cross-Site Scripting XSS via /process/uploadbackup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a malicious user.csv file with embedded JavaScript. The injected code is executed in the...

8.8CVSS5.9AI score0.00088EPSS

Exploits0References2

Vulnrichment•added last week•8 views

CVE-2026-40544 Stored XSS in SOPlanning

5.1CVSS5.9AI score0.00052EPSS

Exploits0References2

Cvelist•added last week•36 views

CVE-2026-40544 Stored XSS in SOPlanning

5.1CVSS0.00052EPSS

Exploits0References2

CVE•added last week•15 views

CVE-2026-40544

SOPlanning is affected by a Stored XSS in the backup feature. An authenticated attacker with backup access can upload a crafted ZIP containing a malicious user.csv; the injected script executes in victims’ browsers when they click Edit on the malicious backup. Affected: SOPlanning v1.55 and earli...

5.1CVSS5.9AI score0.00052EPSS

Exploits0References2

Patchstack•added last week•9 views

WordPress HT Contact Form plugin <= 2.8.2 - Unauthenticated Stored Cross-Site Scripting via File Upload Field vulnerability

Unauthenticated Stored Cross-Site Scripting via File Upload Field vulnerability discovered by Azril Fathoni kiseki - Heroes Cyber Security in WordPress Plugin HT Contact Form 7 versions = 2.8.2...

7.2CVSS5.8AI score0.00211EPSS

Exploits0References1Affected Software1

EUVD•added last week•10 views

EUVD-2026-33604

A Stored Cross-site Scripting XSS vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x could allow an attacker to execute arbitrary script code in user's browser session...

8.7CVSS6.1AI score0.00033EPSS

Exploits0References1

Cvelist•added last week•35 views

CVE-2026-9024 Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x

8.7CVSS0.00033EPSS

Exploits0References1

ATTACKERKB•added last week•7 views

CVE-2026-9024

8.7CVSS6.1AI score0.00033EPSS

Exploits0References2

NVD•added last week•11 views

CVE-2026-10234

A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be...

5.1CVSS0.00035EPSS

Exploits0References7

NVD•added last week•10 views

CVE-2026-10228

A vulnerability was found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admissionformcheck.php. The manipulation of the argument Message results in cross site scripting. The attack can be...

5.1CVSS0.00035EPSS

Exploits0References6

IBM Security Bulletins•added last week•6 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.3.2.tgz which is vulnerable to CVE-2026-41238, CVE-2026-41239, CVE-2026-41240

Summary IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.3.2.tgz which is vulnerable to CVE-2026-41238, CVE-2026-41239, CVE-2026-41240 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-41238...

6.9CVSS5.8AI score0.00059EPSS

Exploits1Affected Software1

Cvelist•added last week•34 views

CVE-2026-8474 Possible to run a Cross Site Scripting request on the login API available on Stormshield SNS appliances.

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, 5.0.0 to 5.0.5 It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of...

5.3CVSS0.0004EPSS

Exploits0References1

ATTACKERKB•added last week•6 views

CVE-2026-8474

5.3CVSS5.9AI score0.0004EPSS

Exploits0References2Affected Software1

CVE•added last week•14 views

CVE-2026-8474

Stormshield Network Security (Stormshield SNS) is affected by CVE-2026-8474. The issue affects SNS appliances running: 4.3.0–4.3.41, 4.8.0–4.8.15, and 5.0.0–5.0.5. It enables a reflected cross-site scripting (XSS) attack targeting the login API, achievable by executing a script on the victim’s br...

5.3CVSS5.9AI score0.0004EPSS

Exploits0References1

Vulnrichment•added last week•6 views

CVE-2026-8474 Possible to run a Cross Site Scripting request on the login API available on Stormshield SNS appliances.

5.3CVSS5.9AI score0.0004EPSS

Exploits0References1

EUVD•added 2026/06/01 7:23 a.m.•9 views

EUVD-2026-33578

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...

6.1CVSS5.8AI score0.00236EPSS

Exploits0References1

ATTACKERKB•added 2026/06/01 7:23 a.m.•7 views

CVE-2026-42253

5.8AI score0.00236EPSS

Exploits0References2Affected Software2

Vulnrichment•added 2026/06/01 7:23 a.m.•6 views

CVE-2026-42253 Apache ActiveMQ, Apache ActiveMQ Web: HTTP Response Header Injection via JMS Message Properties

5.8AI score0.00236EPSS

Exploits0References1