CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/27 6:30 p.m.•9 views

CVE-2026-42197

CVE-2026-42197 affects RELATE, a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 are vulnerable to a stored XSS via an unprivileged user profile. The vulnerability arises in the get_user() method of ParticipationAdmin, which renders user-controlled ...

8.7CVSS5.9AI score0.00031EPSS

ATTACKERKB•added 2026/05/27 4:39 p.m.•4 views

CVE-2026-44460

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 3.12.0, /api/totpsetup.php is callable from a session that has only passed the password check state pendingloginuser. When the target account already has TOTP configured, the endpoint...

7.4CVSS5.8AI score0.00039EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2026/05/12 7:50 p.m.•2 views

CVE-2026-34686

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may ...

8.7CVSS5.8AI score0.00013EPSS

OSV•added 2026/05/11 5:42 a.m.•1 views

BIT-JUPYTERLAB-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker

In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...

OSV•added 2026/05/11 5:41 a.m.•3 views

BIT-JUPYTER-NOTEBOOK-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker

Positive Technologies•added 2026/05/11 12:0 a.m.•6 views

PT-2026-39861

Name of the Vulnerable Software and Affected Versions Vaultwarden versions prior to 1.35.5 Description Refresh tokens are not invalidated when a user's security stamp is rotated during security-sensitive operations, such as password changes, KDF changes, key rotation, email changes, organization...

6.8CVSS5.8AI score0.00035EPSS

Exploits1References3

CNNVD•added 2026/05/11 12:0 a.m.•4 views

WeGIA 跨站脚本漏洞

WeGIA is a network manager for a welfare institution developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored-cross-site scripting, which could allow authenticated users to inject malicious JavaScript into...

6.8CVSS5.7AI score0.00039EPSS

Snyk•added 2026/05/10 2:20 p.m.•2 views

User Impersonation

Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to User Impersonation via the OCSESSID cookie. An attacker can gain unauthorized access to user accounts by injecting arbitrary values into the session cookie, allowing session takeover...

9.8CVSS5.9AI score0.00068EPSS

Positive Technologies•added 2026/05/10 12:0 a.m.•7 views

PT-2026-39499

OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID cookie values that the server accepts and maintains, enabling session takeover and unauthorized...

9.8CVSS5.9AI score0.00068EPSS

Exploits0References4

EUVD•added 2026/05/08 10:51 p.m.•8 views

EUVD-2026-28861

Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting XSS vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary JavaScript in a crafted EPUB file. When a victim opens the book, the script executes in their browser wi...

6.3CVSS5.7AI score0.00008EPSS

SUSE CVE•added 2026/05/08 2:22 a.m.•3 views

SUSE CVE-2026-40171

Tenable Nessus•added 2026/05/08 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-40171

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and...

8.4CVSS6.1AI score0.00054EPSS

OSV•added 2026/05/06 8:16 p.m.•1 views

DEBIAN-CVE-2026-40171

NVD•added 2026/05/06 8:16 p.m.•1 views

CVE-2026-40171

8.4CVSS0.00054EPSS

Vulnrichment•added 2026/05/06 7:36 p.m.•3 views

CVE-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker

AlpineLinux•added 2026/05/06 7:36 p.m.•3 views

CVE-2026-40171

CVE•added 2026/05/06 7:36 p.m.•6 views

Exploits0

CVE-2026-40171

CVE-2026-40171 affects Jupyter components prior to fixes: Notebook 7.0.0–7.5.5, JupyterLab up to 4.5.6, and related help extensions (@jupyter-notebook/help-extension, @jupyterlab/help-extension). The root cause is a stored XSS in the CommandLinker used by the Help Extension, which can be chained ...

ATTACKERKB•added 2026/05/06 7:36 p.m.•1 views

CVE-2026-40171

Exploits0References2Affected Software3

CNNVD•added 2026/05/06 12:0 a.m.•5 views

Jupyter多款产品跨站脚本漏洞

Jupyter Notebook is an open-source web application developed by Project Jupyter, designed for creating and sharing code along with explanatory text documents. JupyterLab is another open-source project developed by JupyterLab, offering an extensible environment for interactive and reproducible...

8.4CVSS5.8AI score0.00054EPSS