CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

222284 matches found

RedhatCVE•added 2026/03/11 7:8 a.m.•2 views

CVE-2025-11158

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE...

9.1CVSS5.9AI score0.00382EPSS

Exploits0References1

OSV•added 2026/03/11 6:17 a.m.•3 views

CVE-2026-2358

The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wpulikelikersbox shortcode template attribute in all versions up to, and including, 5.0.1. This is due to the use of htmlentitydecode on shortcode attributes without subsequent output sanitization, which...

6.4CVSS6AI score

Exploits0References7

Snyk•added 2026/03/11 4:39 a.m.•2 views

Cross-site Scripting (XSS)

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS. Adobe Vulnerability Report:This vulnerability could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields...

8.7CVSS5.5AI score0.00452EPSS

Exploits0References2

NVD•added 2026/03/11 3:15 a.m.•4 views

CVE-2026-21361

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting XSS vvulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript m...

8.1CVSS0.00445EPSS

Exploits0References1

OSV•added 2026/03/11 3:15 a.m.•2 views

CVE-2026-21284

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript ma...

8.1CVSS5.7AI score

Exploits0References1

ATTACKERKB•added 2026/03/11 1:22 a.m.•3 views

CVE-2026-2324

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.7. This is due to missing or incorrect nonce validation on the reloadpreview function. This makes it possible for...

6.1CVSS5.6AI score0.00095EPSS

Exploits0References3

NVD•added 2026/03/11 1:16 a.m.•2 views

CVE-2026-27263

Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority...

0.0003EPSS

Exploits0

NVD•added 2026/03/11 1:16 a.m.•1 views

CVE-2026-27259

Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority...

0.0003EPSS

Exploits0

NVD•added 2026/03/11 1:16 a.m.•4 views

CVE-2026-27248

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS0.00167EPSS

Exploits0References1

OSV•added 2026/03/11 1:16 a.m.•0 views

CVE-2026-27235

5.4CVSS5.7AI score0.00167EPSS

Exploits0References1

OSV•added 2026/03/11 1:16 a.m.•2 views

CVE-2026-27239

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.7AI score0.00167EPSS

Exploits0References1

OSV•added 2026/03/11 1:16 a.m.•3 views

CVE-2026-27231

5.4CVSS5.7AI score0.00205EPSS

Exploits0References1

NVD•added 2026/03/11 1:16 a.m.•5 views

CVE-2026-27231

5.4CVSS0.00205EPSS

Exploits0References1

OSV•added 2026/03/11 1:16 a.m.•2 views

CVE-2026-27224