CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 4 hours ago•8 views

CVE-2026-21825 HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center

HCL Digital Experience Compose is affected by a reflected cross-site scripting XSS vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser...

6.1CVSS

EUVD•added 4 hours ago•5 views

EUVD-2026-34788

HCL Digital Experience Compose is affected by a reflected cross-site scripting XSS vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser...

CVE•added 4 hours ago•9 views

CVE-2026-21825

HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim’s browser. The CVE-2026-21825 entry lists a CVSS v3.1 base score of 6.1 (MEDIUM) with network access, low privilege...

ATTACKERKB•added 4 hours ago•1 views

CVE-2026-21825

HCL Digital Experience Compose is affected by a reflected cross-site scripting XSS vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser...

Exploits0References2Affected Software1

Nuclei•added 7 hours ago•9 views

Cisco Secure Firewall Management Center - Authentication Bypass

Cisco Secure Firewall Management Center Software contains an authentication bypass caused by improper system process creation at boot, letting unauthenticated remote attackers execute scripts and gain root access, exploit requires crafted HTTP requests. id: CVE-2026-20079 info: name: Cisco Secure...

10CVSS8.2AI score0.11141EPSS

Exploits2References2

Nuclei•added 7 hours ago•50 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through t...

10CVSS7.9AI score0.91303EPSS

Exploits1References3

Positive Technologies•added 10 hours ago•6 views

PT-2026-46904

HCL Digital Experience Compose is affected by a reflected cross-site scripting XSS vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser...

NVD•added yesterday•5 views

CVE-2026-28318

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update...

7.5CVSS

EUVD•added yesterday•4 views

EUVD-2026-34268

ATTACKERKB•added yesterday•3 views

CVE-2026-28318

Vulnrichment•added yesterday•4 views

Exploits0References3

CVE-2026-28318 SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability

The Hacker News•added yesterday•5 views

DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets

The U.S. Department of Justice DoJ on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The "Disruption Week" operation began May 18, 2026, leading to the...

5.9AI score

Exploits0

Nuclei•added yesterday•32 views

Extreme Management Center 8.4.1.24 - Cross-Site Scripting

Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.4AI score0.17063EPSS

Exploits0References5

Nuclei•added yesterday•8 views

Fides Privacy Center ≤ 2.39.1 - Server-Side URL Disclosure

Fides versions 2.19.0 to before 2.39.2rc0 contain an information disclosure caused by unauthenticated HTTP GET request to the Privacy Center, letting attackers access the SERVERSIDEFIDESAPIURL, which may reveal server configuration details, exploit requires no authentication. id: CVE-2024-31223...

5.3CVSS5.8AI score0.05947EPSS

Exploits1References3

Positive Technologies•added yesterday•7 views

PT-2026-46239

EUVD•added 2 days ago•5 views

Exploits0References3

EUVD-2026-34129

In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llcshdlcdeinit purges SHDLC skb queues and frees the llcshdlc structure while its timers and state machine work may still be active. Timer callbacks can schedule smwork...

5.7AI score0.00024EPSS

Exploits0References7

Tenable Nessus•added 2 days ago•4 views

Atlassian Jira Service Management Data Center and Server 11.3.3 < 11.3.5 (JSDSERVER-16573)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16573 advisory. - File Inclusion vulnerability, allows an unauthenticated attacker to get the application to display t...

8.2CVSS5.9AI score0.00009EPSS

Exploits3References2

NVD•added 3 days ago•7 views

CVE-2026-40619

A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of...

7.8CVSS0.00013EPSS

EUVD•added 3 days ago•6 views

EUVD-2026-33946

7.8CVSS5.7AI score0.00013EPSS