1492 matches found

Cvelist
added 2026/01/20 3:23 p.m., 14 views

CVE-2025-36397 Security vulnerabilities have been found in IBM Application Gateway

IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 5.4, EPSS 0.00162
Exploits 0, References 1

CNNVD
added 2026/01/20 12:0 a.m., 3 views

IBM Application Gateway security vulnerabilities

IBM Application Gateway is an application gateway offered by the American multinational company International Business Machines (IBM). It provides a containerized secure web reverse proxy that is designed to be placed before your applications, seamlessly adding authentication and authorization...

CVSS 5.4, AI score 5.9, EPSS 0.00162
Exploits 0, References 1

RedhatCVE
added 2026/01/17 2:6 p.m., 5 views

CVE-2026-0695

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...

CVSS 8.7, AI score 7.1, EPSS 0.00251
Exploits 0, References 1

OSV
added 2026/01/15 9:16 p.m., 2 views

CVE-2025-70890

A stored cross-site scripting (XSS) vulnerability exists in Cyber Cafe Management System v1.0. An authenticated attacker can inject arbitrary JavaScript code into the username parameter via the add-users.php endpoint. The injected payload is stored and executed in the victim's browser when the...

CVSS 6.1, AI score 5.8, EPSS 0.00216
Exploits 2, References 2

EUVD
added 2026/01/14 6:27 p.m., 4 views

EUVD-2026-2437

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the Editing component. The images parameter submitted as images in a POST request is reflected into an HTML href attribute without proper context-aware output encoding in...

CVSS 4.8, AI score 5.1, EPSS 0.00194
Exploits 1, References 4

RedhatCVE
added 2026/01/13 10:53 p.m., 3 views

CVE-2025-41003

Imaster's Patient Record Management System contains a stored Cross-Site Scripting (XSS) vulnerability in the endpoint ‘/projects/hospital/admin/editpatient.php’. By injecting a malicious script into the ‘firstname’ parameter, the JavaScript code is stored and executed every time a user accesses the...

CVSS 5.1, AI score 6.2, EPSS 0.00251
Exploits 0, References 1

RedhatCVE
added 2026/01/01 10:28 p.m., 3 views

CVE-2025-67708

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

CVSS 6.1, AI score 6.7, EPSS 0.00197
Exploits 0, References 1

EUVD
added 2026/01/01 12:31 a.m., 3 views

EUVD-2025-206096

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

CVSS 6.1, AI score 6.2, EPSS 0.00197
Exploits 0, References 2

EUVD
added 2026/01/01 12:31 a.m., 2 views

EUVD-2025-206099

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

CVSS 6.1, AI score 6.2, EPSS 0.00197
Exploits 0, References 2

NVD
added 2025/12/31 11:15 p.m., 5 views

CVE-2025-67704

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

CVSS 6.1, EPSS 0.00197
Exploits 0, References 1

NVD
added 2025/12/31 11:15 p.m., 1 views

CVE-2025-67703

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

CVSS 6.1, EPSS 0.00193
Exploits 0, References 1

Cvelist
added 2025/12/31 10:15 p.m., 22 views

CVE-2025-67705 Reflected XSS vulnerability in ArcGIS Server.

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

CVSS 6.1, EPSS 0.00193
Exploits 0, References 1

OSV
added 2025/12/26 3:15 p.m., 2 views

CVE-2025-36230

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 5.4, AI score 5.8
Exploits 0, References 1

Cvelist
added 2025/12/26 2:22 p.m., 22 views

CVE-2025-36230 XSS in IBM Aspera Faspex

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 5.4, EPSS 0.00166
Exploits 0, References 1

EUVD
added 2025/12/26 2:22 p.m., 1 views

EUVD-2025-205439

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 5.4, AI score 6.1, EPSS 0.00166
Exploits 0, References 2

OSV
added 2025/12/18 2:15 p.m., 3 views

CVE-2025-40892

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a...

CVSS 8.9, AI score 5.8, EPSS 0.0021
Exploits 0, References 1

Cvelist
added 2025/12/18 1:16 p.m., 24 views

CVE-2025-40892 Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a...

CVSS 8.9, EPSS 0.0021
Exploits 0, References 1

Positive Technologies
added 2025/12/18 12:0 a.m., 3 views

PT-2025-52220

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a...

CVSS 8.9, AI score 5.2, EPSS 0.0021
Exploits 0, References 1

Positive Technologies
added 2025/12/18 12:0 a.m., 3 views

PT-2025-52328

Name of the Vulnerable Software and Affected Versions: Kentico Xperience (affected versions not specified). Description: A stored cross-site scripting issue exists in Kentico Xperience. This allows attackers to inject malicious scripts through the configuration of form validation rules. Successful...

CVSS 5.4, AI score 5.8, EPSS 0.00138
Exploits 0, References 4

NOZOMI
added 2025/12/18 12:0 a.m., 3 views

Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0

Summary: A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. Impact: An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineer...

CVSS 8.9, AI score 5.2, EPSS 0.0021
Exploits 0, Affected Software 2