CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2 days ago•5 views

CVE-2026-41518

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6CVSS0.00034EPSS

ATTACKERKB•added 2 days ago•4 views

CVE-2026-41518

7.6CVSS6AI score0.00034EPSS

Exploits0References2Affected Software1

CVE•added 2 days ago•9 views

CVE-2026-41518

Chartbrew (versions 4.9.0–5.0.0) is affected by a stored DOM XSS in the ChartTooltip rendering path. An authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in ChartDatasetConfig.legend, which is persisted and injected into the tooltip via an unguarded innerHTML ...

7.6CVSS6AI score0.00034EPSS

Cvelist•added 2 days ago•24 views

CVE-2026-41518 Chartbrew has a stored DOM XSS via Chart Tooltip innerHTML (ChartDatasetConfig.legend)

7.6CVSS0.00034EPSS

Vulnrichment•added 2 days ago•2 views

CVE-2026-41518 Chartbrew has a stored DOM XSS via Chart Tooltip innerHTML (ChartDatasetConfig.legend)

7.6CVSS5.8AI score0.00034EPSS

Positive Technologies•added 2 days ago•7 views

PT-2026-46317

7.6CVSS6AI score0.00034EPSS

Exploits0References2

NVD•added 2026/05/28 8:16 a.m.•7 views

CVE-2026-7634

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

7.2CVSS0.00161EPSS

Exploits0References14

ATTACKERKB•added 2026/05/28 6:45 a.m.•8 views

CVE-2026-7634

Vulnrichment•added 2026/05/28 6:45 a.m.•5 views

Exploits0References15

CVE-2026-7634 SlimStat Analytics <= 5.4.11 - Unauthenticated Stored Cross-Site Scripting via User-Agent Header

CVE•added 2026/05/28 6:45 a.m.•13 views

Exploits0References14

CVE-2026-7634

Technical details are not publicly available in the provided documents. Monitor for updates.

Positive Technologies•added 2026/05/28 12:0 a.m.•6 views

Exploits0References14

PT-2026-44203

NVD•added 2026/05/27 7:16 a.m.•8 views

Exploits0References15

CVE-2026-8894

6.4CVSS0.00032EPSS

Cvelist•added 2026/05/27 5:31 a.m.•26 views

CVE-2026-8894 iWR Tooltip <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS0.00032EPSS

CVE•added 2026/05/27 5:31 a.m.•9 views

CVE-2026-8894

The CVE-2026-8894 entry describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin iWR Tooltip (versions up to 1.0). The flaw arises from insufficient input sanitization and output escaping in the iwr_tooltip() shortcode handler, where the title attribute is concatenated direct...

EUVD•added 2026/05/27 5:31 a.m.•7 views

EUVD-2026-32082

Vulnrichment•added 2026/05/27 5:31 a.m.•5 views

CVE-2026-8894 iWR Tooltip <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

Positive Technologies•added 2026/05/27 12:0 a.m.•5 views

PT-2026-43528

CNNVD•added 2026/05/27 12:0 a.m.•6 views

Exploits0References5

WordPress plugin iWR Tooltip 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.7AI score0.00032EPSS