CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

195 matches found

NVD•added 2026/05/12 6:17 p.m.•13 views

CVE-2026-41611

Improper neutralization of script-related html tags in a web page basic xss in Visual Studio Code allows an unauthorized attacker to execute code locally...

7.8CVSS0.00421EPSS

Exploits0References1

Positive Technologies•added 2026/05/07 12:0 a.m.•11 views

PT-2026-38425

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...

8.8CVSS5.8AI score0.00327EPSS

Exploits0References2

Positive Technologies•added 2026/04/20 12:0 a.m.•4 views

PT-2026-33701

SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting vulnerability. When a user logs in to the affected device and access some crafted web page, arbitrary script may be executed on the user's browser...

6.1CVSS5.7AI score0.00161EPSS

Exploits0References4

NVD•added 2026/04/08 9:16 a.m.•4 views

CVE-2026-39626

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a through = 1.4.8...

5.3CVSS0.00198EPSS

Exploits0References1

Positive Technologies•added 2026/04/08 12:0 a.m.•10 views

PT-2026-31274

Name of the Vulnerable Software and Affected Versions tagDiv Composer versions through 5.4.3 Description An Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS issue exists in tagDiv Composer td-composer, allowing Code Injection. This allows for potential code execution...

5.3CVSS6.2AI score0.00166EPSS

Exploits0References4

ATTACKERKB•added 2026/04/02 2:46 p.m.•1 views

CVE-2026-34822

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the newcertname parameter to /manage/ca/certificate/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00092EPSS

Exploits0References3Affected Software1

CNVD•added 2026/03/19 12:0 a.m.•3 views

Belkin F9K1122 Stack Buffer Overflow Vulnerability (CNVD-2026-14686)

The Belkin F9K1122 is a WiFi signal extender. The Belkin F9K1122 suffers from a stack buffer overflow vulnerability, which originates from a misbehavior of the webpage parameter of the function formReboot in the file /goform/formReboot, that can be exploited by an attacker to execute arbitrary co...

9CVSS7.7AI score0.00455EPSS

Exploits0References1

ATTACKERKB•added 2026/02/19 8:26 a.m.•2 views

CVE-2026-25006

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XStore: from n/a through = 9.6.4...

5.5AI score0.00236EPSS

Exploits0References2

OSV•added 2026/02/09 4:15 a.m.•3 views

CVE-2025-66604

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The library version could be displayed on the web page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN,...

5.3CVSS5.7AI score

Exploits0References1

Vulnrichment•added 2026/02/09 3:14 a.m.•4 views

CVE-2025-66604

2.1CVSS5.3AI score0.00118EPSS

Exploits0References1

NVD•added 2026/01/22 5:16 p.m.•9 views

CVE-2026-22469

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a through = 1.0.2...

5.3CVSS0.00291EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:58 a.m.•6 views

CVE-2020-7546

A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software see security notification for version information that could allow an attacker to perform actions on behalf of the authorized user when...

5.4CVSS7AI score0.00617EPSS

Exploits0References1

Cvelist•added 2025/11/27 11:47 a.m.•10 views

CVE-2025-54057 Apache SkyWalking: Stored XSS vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking: = 10.2.0. Users are recommended to upgrade to version 10.3.0, which fixes the issue...

0.00625EPSS

Exploits0References1

Tenable Nessus•added 2025/11/14 12:0 a.m.•5 views

Siemens RUGGEDCOM ROS Devices Improper Neutralization of Input During Web Page Generation (CVE-2021-37208)

Improper neutralization of special characters on the web server configuration page could allow an attacker, in a privileged position, to retrieve sensitive information via cross-site scripting. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for mo...

9.6CVSS8.1AI score0.00514EPSS

Exploits0References4

CVE•added 2025/10/31 2:12 p.m.•12 views

CVE-2025-64387

CVE-2025-64387 is a documented clickjacking vulnerability described across multiple feeds (NVD/Red Hat/CIRCL etc.). The core issue is UI deception via embedding the vulnerable page in an attacker‑controlled page, potentially prompting users to click or enter credentials. NVD notes a CVSS v4.0 bas...

5.1CVSS6.5AI score0.00352EPSS

Exploits0References3

EUVD•added 2025/10/27 3:30 a.m.•6 views

EUVD-2025-36041

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Code Injection.This issue affects WP Recipe Maker: from n/a through = 10.1.1...

5.3CVSS6AI score0.00274EPSS

Exploits0References2