
3295 matches found

EUVD
added 2026/05/22 2:18 p.m. | 9 views

EUVD-2026-31443

Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS via page name in the Atomik theme. A rogue editor can inject arbitrary JavaScript that executes in the context of any authenticated user visiting the affected account pages. This can lead to session hijacking, credential theft, malicio...

CVSS 4.8 | AI score 5.9 | EPSS 0.00196
Exploits: 0 | References: 1

Tenable Nessus
added 2026/05/22 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2026-6073

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allow...

CVSS 8.7 | AI score 6 | EPSS 0.00188
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/21 12:0 a.m. | 8 views

PT-2026-42586

Summary A cross-site scripting XSS vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including tags—is processed and injected into the resulting page without sanitization, allowing arbitrary JavaScript execution ...

CVSS 7.2 | AI score 6
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/20 6:0 p.m. | 7 views

CVE-2026-47099 TeleJSON < 6.0.0 DOM-based XSS via parse() Function

TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vulnerability in the parse function that allows attackers to execute arbitrary JavaScript by delivering a crafted JSON payload containing a malicious constructor-name property value. The custom reviver passes the constructor name...

CVSS 6.1 | AI score 6 | EPSS 0.00358
Exploits: 0 | References: 3

AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in firefox, thunderbird

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution within the PDF.js context. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

CVSS 8.8 | AI score 7.5 | EPSS 0.72648
Exploits: 14 | References: 2

CNNVD
added 2026/05/20 12:0 a.m. | 7 views

tickets cross-site scripting vulnerability

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of Tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting vulnerability in the search.php file. It...

CVSS 5.1 | AI score 5.8 | EPSS 0.00221
Exploits: 0 | References: 1

RedhatCVE
added 2026/05/19 1:56 p.m. | 9 views

CVE-2026-44721

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a stored cross-site scripting XSS vulnerability that allows any authenticated user with model creation permission workspace.models to execute arbitrary JavaScript in the browser of a...

CVSS 7.3 | AI score 7.4 | EPSS 0.00308
Exploits: 1 | References: 1

Snyk
added 2026/05/18 9:45 a.m. | 9 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the error page composition process. An attacker can execute arbitrary JavaScript code in the context of affected users by injecting malicious content into unescaped variables when editing certain site...

CVSS 5.1 | AI score 5.8 | EPSS 0.00142
Exploits: 0 | References: 2

Snyk
added 2026/05/15 7:30 p.m. | 12 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Display template option of the Set field type, where user-supplied input is processed by the $interpolate function and rendered via Vue's v-html directive without proper sanitization. An attacker can...

CVSS 5.4 | AI score 5.8 | EPSS 0.00138
Exploits: 0 | References: 2

RedhatCVE
added 2026/05/15 7:57 a.m. | 8 views

CVE-2026-6073

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to execute arbitrary JavaScript in other users' browsers due to improper input sanitization...

CVSS 8.7 | AI score 6.1 | EPSS 0.00188
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/14 1:24 p.m. | 8 views

CVE-2026-1630

WEBCON BPS is vulnerable to Reflected XSS via one of parameters used by "/openinmobileapp" endpoint. An attacker can send a specially crafted URL that, when opened by an authenticated user, results in arbitrary JavaScript execution in the victim's browser. This issue was fixed in versions...

CVSS 5.1 | AI score 6 | EPSS 0.0043
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2026/05/14 6:16 a.m. | 9 views

CVE-2026-7481

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScript in other users' browsers due to improper input...

CVSS 8.7 | EPSS 0.00256
Exploits: 0 | References: 3

UbuntuCve
added 2026/05/14 6:16 a.m. | 3 views

CVE-2026-6073

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to execute arbitrary JavaScript in other users' browsers due to improper input sanitization...

CVSS 8.7 | AI score 6.1 | EPSS 0.00188
Exploits: 0 | References: 4

OSV
added 2026/05/14 6:16 a.m. | 3 views

UBUNTU-CVE-2026-7377

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers d...

CVSS 8.7 | AI score 6.1 | EPSS 0.00256
Exploits: 0 | References: 5

UbuntuCve
added 2026/05/14 6:16 a.m. | 5 views

CVE-2026-7377

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers d...

CVSS 8.7 | AI score 6 | EPSS 0.00256
Exploits: 0 | References: 4

OSV
added 2026/05/14 6:16 a.m. | 2 views

UBUNTU-CVE-2026-7481

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScript in other users' browsers due to improper input...

CVSS 8.7 | AI score 6.1 | EPSS 0.00256
Exploits: 0 | References: 5

EUVD
added 2026/05/14 5:33 a.m. | 5 views

EUVD-2026-30238

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers d...

CVSS 8.7 | AI score 6.1 | EPSS 0.00256
Exploits: 0 | References: 3

ATTACKERKB
added 2026/05/14 5:33 a.m. | 6 views

CVE-2026-7481

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScript in other users' browsers due to improper input...

CVSS 8.7 | AI score 6.1 | EPSS 0.00256
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/05/14 5:33 a.m. | 6 views

CVE-2026-7481 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScript in other users' browsers due to improper input...

CVSS 8.7 | AI score 6.1 | EPSS 0.00256
Exploits: 0 | References: 3

EUVD
added 2026/05/14 5:33 a.m. | 8 views

EUVD-2026-30240

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScript in other users' browsers due to improper input...

CVSS 8.7 | AI score 6.1 | EPSS 0.00256
Exploits: 0 | References: 3