CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

Vulnrichment•added 2026/04/14 9:39 p.m.•3 views

CVE-2026-33193 Docmost vulnerable to stored XSS via MIME type spoofing

Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting XSS attack due to improper handling of MIME type spoofing GHSL-2026-052. An attacker could exploit this flaw to inject malicious scripts, potentially...

4.6CVSS5.7AI score0.00187EPSS

Exploits0References1

RedhatCVE•added 2026/01/20 7:20 p.m.•2 views

CVE-2026-23840

Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is ?categoryDeleted=. Version 0.70.0 fixes the issue...

9.3CVSS5.1AI score0.00247EPSS

Exploits1References1

ATTACKERKB•added 2026/01/19 6:35 p.m.•2 views

CVE-2026-23841

9.3CVSS5AI score0.00222EPSS

Exploits1References3Affected Software1

CVE•added 2026/01/19 6:35 p.m.•10 views

CVE-2026-23841

CVE-2026-23841 — Movary, a web app for tracking movie history, is vulnerable to cross-site scripting due to insufficient input validation in the vulnerable parameter ?categoryCreated=. Affected: Movary versions prior to 0.70.0. Impact: ability to trigger XSS payloads (high risk per citations). Fi...

9.3CVSS5AI score0.00222EPSS

Exploits1References2Affected Software1

OSV•added 2026/01/19 6:35 p.m.•5 views

CVE-2026-23841 Movary vulnerable to Cross-site Scripting with `?categoryCreated=` param

9.3CVSS5.1AI score0.00222EPSS

Exploits1References4

ATTACKERKB•added 2026/01/19 6:32 p.m.•2 views

CVE-2026-23840

9.3CVSS5AI score0.00247EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/01/19 6:32 p.m.•14 views

CVE-2026-23840 Movary vulnerable to Cross-site Scripting with `?categoryDeleted=` param

9.3CVSS0.00247EPSS

Exploits1References3

OSV•added 2026/01/19 6:32 p.m.•3 views

CVE-2026-23840 Movary vulnerable to Cross-site Scripting with `?categoryDeleted=` param

9.3CVSS5.1AI score0.00247EPSS

Exploits1References5

CVE•added 2026/01/19 6:27 p.m.•14 views

CVE-2026-23839

CVE-2026-23839 affects Movary, a web application to track and rate movie watch history. The issue arises from insufficient input validation that enables cross-site scripting via the vulnerable parameter ?categoryUpdated= in versions prior to 0.70.0. Version 0.70.0 fixes the issue. References from...

9.3CVSS5AI score0.00265EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/01/19 6:27 p.m.•17 views

CVE-2026-23839 Movary vulnerable to Cross-site Scripting with `?categoryUpdated=` param

9.3CVSS0.00265EPSS

Exploits1References3

CNNVD•added 2026/01/19 12:0 a.m.•4 views

Movary cross-site scripting vulnerabilities

Movary is a film review program developed by Lee Peuker personally. Versions of Movary prior to 0.70.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient input validation for the categoryCreated parameter, which could lead to cross-site scripting attacks...

9.3CVSS5.6AI score0.00222EPSS

Exploits1References3

CNNVD•added 2026/01/19 12:0 a.m.•5 views

Movary cross-site scripting vulnerabilities

Movary is a film review program developed by Lee Peuker personally. Versions of Movary prior to 0.70.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient input validation for the categoryUpdated parameter, which could lead to cross-site scripting attacks...

9.3CVSS5.6AI score0.00265EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by