CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

120 matches found

Vulnrichment•added 2026/06/03 12:0 a.m.•5 views

CVE-2026-37700

Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...

5.8AI score0.0004EPSS

Exploits0References2

EUVD•added 2026/03/25 7:52 p.m.•2 views

EUVD-2026-14494

AVideo vulnerable to Stored XSS via htmlentitydecode Reversing xssesc Sanitization in Channel About Field...

5.4CVSS5.8AI score0.00041EPSS

Exploits1References3

ATTACKERKB•added 2026/03/23 6:41 p.m.•1 views

CVE-2026-33683

WWBN AVideo is an open source video platform. In versions up to and including 26.0, a sanitization order-of-operations flaw in the user profile "about" field allows any registered user to inject arbitrary JavaScript that executes when other users visit their channel page. The xssesc function...

5.4CVSS5.9AI score0.00041EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2026/02/17 11:58 a.m.•5 views

CVE-2025-8303 XSS in EKA Software's Real Estate Script V5 (With Doping Module – Store Module – New Language System)

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in EKA Software Computer Information Advertising Services Ltd. Real Estate Script V5 With Doping Module – Store Module – New Language System allows Cross-Site Scripting XSS. This issue affects...

6.5CVSS5.4AI score0.00021EPSS

Exploits0References2

Positive Technologies•added 2026/02/09 12:0 a.m.•2 views

PT-2026-7105

In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible...

8.2CVSS5.4AI score0.00004EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 12:0 p.m.•7 views

CVE-2018-19525

An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1TRUNK-20180914.bin devices. There is CSRF via /ui/?g=objkeywordsadd and /ui/?g=objkeywordsaddsave with resultant XSS because of a lack of csrf token validation...

6.1CVSS6.1AI score0.0042EPSS

Exploits3References1

RedhatCVE•added 2026/01/09 11:10 a.m.•6 views

CVE-2016-10873

The wp-database-backup plugin before 4.3.3 for WordPress has XSS...

6.1CVSS7.1AI score0.0019EPSS

Exploits0References1

Positive Technologies•added 2025/12/09 12:0 a.m.•2 views

PT-2025-49822

An XSS vulnerability in pxc PortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-level...

7.1CVSS6.3AI score0.00125EPSS

Exploits0References1

Vulnrichment•added 2025/11/17 12:0 a.m.•2 views

CVE-2024-46336

kashipara School Management System 1.0 is vulnerable to Cross Site Scripting XSS via /clientuser/feedback.php...

5.8AI score0.00033EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-3437

Malware in sbrugna...

5.4CVSS5.4AI score0.00428EPSS

Exploits5References4