CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

189 matches found

Malwarebytes•added 2026/04/09 9:40 a.m.•5 views

This fake Windows support website delivers password-stealing malware

A fake Microsoft support website is tricking people into downloading what looks like a normal Windows update. Instead, it installs malware designed to steal passwords, payment details, and account access. Because the file looks legitimate and avoids detection, it can slip past both users and...

5.9AI score

Exploits0

RedhatCVE•added 2026/02/13 1:22 p.m.•4 views

CVE-2026-2276

Reflected Cross-Site Scripting XSS vulnerability in the Wix web application, where the endpoint ' https://manage.wix.com/account/account-settings ', responsible for uploading SVG images, does not properly sanitize the content. An authenticated attacker could upload an SVG file containing embedded...

5.3CVSS5.8AI score0.00023EPSS

Exploits0References1

NVD•added 2026/02/12 11:15 a.m.•3 views

CVE-2026-2276

5.3CVSS0.00023EPSS

Exploits0References1

ATTACKERKB•added 2026/02/12 10:26 a.m.•3 views

CVE-2026-2276

5.3CVSS5.8AI score0.00023EPSS

Exploits0References2

CVE•added 2026/02/12 10:26 a.m.•10 views

CVE-2026-2276

CVE-2026-2276 describes a reflected XSS in Wix’s web app where uploading SVGs to the endpoint https://manage.wix.com/account/account-settings permits embedded JavaScript execution after storage. Authenticated users could upload crafted SVG content; when others view the image, script executes in t...

5.3CVSS5.8AI score0.00023EPSS

Exploits0References1

Cvelist•added 2026/02/12 10:26 a.m.•23 views

CVE-2026-2276 Reflected Cross-Site Scripting in the Wix web application

5.3CVSS0.00023EPSS

Exploits0References1

Vulnrichment•added 2026/02/12 10:26 a.m.•2 views

CVE-2026-2276 Reflected Cross-Site Scripting in the Wix web application

5.3CVSS5.8AI score0.00023EPSS

Exploits0References1

Positive Technologies•added 2026/02/12 12:0 a.m.•2 views

PT-2026-7835

Name of the Vulnerable Software and Affected Versions Wix affected versions not specified Description A Reflected Cross-Site Scripting XSS issue exists in the Wix web application. The vulnerability is located in the SVG image upload functionality at the...

5.3CVSS6.2AI score0.00023EPSS

Exploits0References6

CNNVD•added 2026/02/12 12:0 a.m.•2 views

Wix 跨站脚本漏洞

Wix is a website building platform provided by the Israeli company Wix. Wix has a cross-site scripting vulnerability, which stems from the improper cleanup of content by the endpoint responsible for uploading SVG images. This vulnerability may lead to reflective cross-site scripting attacks...

5.3CVSS5.6AI score0.00023EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:30 a.m.•5 views

CVE-2019-16511

An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file even with a ../ sequence is...

5.8CVSS7AI score0.04635EPSS

Exploits0References1

Packet Storm•added 2025/12/16 12:0 a.m.•219 views

📄 WIX.com Cross Site Scripting

WIX.com appears to suffer from a cross site scripting vulnerability. The researcher contacted them months ago and they have ignored his report, so we are posting this to encourage them to address it and to let their users know that they could be affected by this vulnerability. Titles: WIX.com /...

6.4AI score

Exploits0