Lucene search

87 matches found

EUVD
added 2026/05/19 1:19 p.m., 2 views

EUVD-2025-209894

A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious identity containing HTML tags. When a victim attempts to delete the affected...

CVSS 5.9, AI score 5.8, EPSS 0.00029
Exploits 0, References 1
OSV
added 2026/05/06 11:34 p.m., 0 views

GHSA-GPXG-FX2G-QXJ2 Kanidm: Stored HTML injection in "passkey-enrolment" partial via displayname → htmx-driven authenticated request forgery

Summary: The kanidmd web UI renders the WebAuthn passkey-registration challenge as raw JSON inside an inline element using the Askama |safe filter. The challenge embeds the account's displayname, which serde_json serialises without escaping . A displayname containing therefore terminates the script...

CVSS 6.1, AI score 5.9
Exploits 0, References 2
NVD
added 2026/05/05 8:16 p.m., 2 views

CVE-2026-35453

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HTML Writer skips htmlspecialchars output escaping when a cell uses a custom number format containin...

CVSS 5.4, EPSS 0.0001
Exploits 1, References 1
ATTACKERKB
added 2026/04/13 9:10 a.m., 1 views

CVE-2026-35565

Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache Storm UI. Versions Affected: before 2.8.6. Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in...

AI score 5.9, EPSS 0.0001
Exploits 0, References 2
RedhatCVE
added 2026/04/03 5:8 a.m., 2 views

CVE-2025-66486

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 6.1, AI score 5.9, EPSS 0.00011
Exploits 0, References 1
ATTACKERKB
added 2026/03/30 12:0 a.m., 2 views

CVE-2026-30565

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the viewsupplier.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or...

CVSS 6.1, AI score 6, EPSS 0.00057
Exploits 1, References 2
RedhatCVE
added 2026/03/27 10:51 p.m., 2 views

CVE-2026-33664

Kestra is an open-source, event-driven orchestration platform. Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields — description, inputs.displayName, inputs.description — through the Markdown.vue component instantiated with html: true. The resulting HTML is injected...

CVSS 7.3, AI score 6.1, EPSS 0.00062
Exploits 2, References 1
Vulnrichment
added 2026/03/19 10:7 p.m., 1 views

CVE-2026-32040 OpenClaw < 2026.2.23 - HTML Injection via Unvalidated Image MIME Type in Data-URL Interpolation

OpenClaw versions prior to 2026.2.23 contain an HTML injection vulnerability in the HTML session exporter that allows attackers to execute arbitrary JavaScript by injecting malicious mimeType values in image content blocks. Attackers can craft session entries with specially crafted mimeType...

CVSS 4.6, AI score 5.9, EPSS 0.00031
Exploits 1, References 3
Cvelist
added 2026/03/17 12:2 p.m., 20 views

CVE-2025-62320 HTML Injection Leading to Data Exfiltration to External Server vulnerability affects HCL Unica Platform

HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external...

CVSS 4.7, EPSS 0.0004
Exploits 0, References 1
CNNVD
added 2026/01/08 12:0 a.m., 3 views

preact security vulnerability

preact is a Java library from Preact open source. A security vulnerability exists in preact version 10.26.5, which stems from weakened JSON serialization protection and could lead to HTML injection...

CVSS 9.2, AI score 6.4, EPSS 0.00081
Exploits 1, References 2
Cvelist
added 2025/12/19 12:0 a.m., 17 views

CVE-2025-67845

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences...

CVSS 6.4, EPSS 0.00104
Exploits 1, References 5
RedhatCVE
added 2025/11/19 8:18 a.m., 3 views

CVE-2025-11265

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'vkExUnitctaurl' and 'vkExUnitctabuttontext' parameters in all versions up to, and including, 9.112.1. This is due to a logic error in the CTA save function that reads sanitization callbacks...

CVSS 6.4, AI score 5, EPSS 0.00063
Exploits 0, References 1
EUVD
added 2025/10/27 2:56 p.m., 2 views

EUVD-2025-36194

IBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A remotely authenticated attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 5.4, AI score 6, EPSS 0.0002
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2017-18399

Malware in sbrugna...

CVSS 6.1, AI score 6.6, EPSS 0.0059
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2011-4206

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.00225
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2008-2392

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.00296
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2016-2408

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.0025
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2008-6659

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.00285
Exploits 0, References 5
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2006-6519

Malware in sbrugna...

CVSS 6.8, AI score 6.4, EPSS 0.00695
Exploits 1, References 2
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2013-5261

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.00236
Exploits 0, References 3