3847 matches found

SUSE CVE
added 2026/03/16 12:47 a.m. | 2 views

SUSE CVE-2010-4326

Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, or (4) RRULE variable in this message...

CVSS 10 | AI score 6.4 | EPSS 0.10245
Exploits: 0 | References: 4

CVE
added 2026/03/16 12:00 a.m. | 8 views

CVE-2025-57543

CVE-2025-57543 describes a Cross Site Scripting (XSS) vulnerability in NetBox 4.3.5, affecting the Web UI via the "comment" field on object forms. An attacker can inject arbitrary HTML, which is rendered in the UI for other users, potentially enabling UI redress attacks or context‑specific XSS. T...

CVSS 6.1 | AI score 5.8 | EPSS 0.00175
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2026/03/16 12:00 a.m. | 24 views

CVE-2025-57543

Cross-site scripting (XSS) vulnerability in the NetBox 4.3.5 "comment" field on object forms. An attacker can inject arbitrary HTML, which will be rendered in the web UI when viewed by other users. This could potentially lead to user interface redress attacks or be escalated to XSS in certain contexts...

EPSS 0.00175
Exploits: 1 | References: 1

Positive Technologies
added 2026/03/16 12:00 a.m. | 2 views

PT-2026-25761

Cross-site scripting (XSS) vulnerability in the NetBox 4.3.5 "comment" field on object forms. An attacker can inject arbitrary HTML, which will be rendered in the web UI when viewed by other users. This could potentially lead to user interface redress attacks or be escalated to XSS in certain contexts...

AI score 5.8 | EPSS 0.00175
Exploits: 1 | References: 2

Vulnrichment
added 2026/03/16 12:00 a.m. | 3 views

CVE-2025-57543

Cross-site scripting (XSS) vulnerability in the NetBox 4.3.5 "comment" field on object forms. An attacker can inject arbitrary HTML, which will be rendered in the web UI when viewed by other users. This could potentially lead to user interface redress attacks or be escalated to XSS in certain contexts...

AI score 5.8 | EPSS 0.00175
Exploits: 1 | References: 1

CNNVD
added 2026/03/16 12:00 a.m. | 3 views

NetBox Security Vulnerability

NetBox is a tool developed by the NetBox community, based on Django and PostgreSQL, for IP address management (IPAM) and data center infrastructure management (DCIM). Version 4.3.5 of NetBox contains a security vulnerability. This vulnerability stems from the comment field in object forms having...

CVSS 6.1 | AI score 5.8 | EPSS 0.00175
Exploits: 1 | References: 1

CNNVD
added 2026/03/16 12:00 a.m. | 4 views

Mattermost Plugins Security Vulnerability

Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions 11.3, 11.0.3, 11.2.2, and 10.10.11.0 of Mattermost Plugins contain security vulnerabilities. These...

CVSS 4.3 | AI score 6.4 | EPSS 0.00162
Exploits: 1 | References: 1

Positive Technologies
added 2026/03/16 12:00 a.m. | 0 views

PT-2026-25685

Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...

CVSS 4.3 | AI score 5.8 | EPSS 0.00162
Exploits: 1 | References: 8

Vulnrichment
added 2026/03/14 9:44 p.m. | 2 views

CVE-2026-32774 Vulnogram - Stored Cross-Site Scripting via Comment Hypertext

Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims' browsers...

CVSS 6.4 | AI score 5.9 | EPSS 0.00277
Exploits: 0 | References: 3

Cvelist
added 2026/03/14 9:44 p.m. | 23 views

CVE-2026-32774 Vulnogram - Stored Cross-Site Scripting via Comment Hypertext

Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims' browsers...

CVSS 6.4 | EPSS 0.00277
Exploits: 0 | References: 3

CVE
added 2026/03/14 9:44 p.m. | 13 views

CVE-2026-32774

CVE-2026-32774 affects Vulnogram 1.0.0 and describes a stored XSS vulnerability in comment hypertext handling. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims’ browsers. The root cause is stored cross-site scripting in HTML comments; exploitati...

CVSS 6.4 | AI score 5.9 | EPSS 0.00277
Exploits: 0 | References: 4 | Affected Software: 1

EUVD
added 2026/03/13 9:31 p.m. | 3 views

EUVD-2026-11749

wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the comment_author_email cookie. Attackers can craft a malicious cookie value that, when processed through urldecode and passed to wp_mail...

CVSS 6.3 | AI score 5.8 | EPSS 0.00221
Exploits: 0 | References: 4

EUVD
added 2026/03/13 9:31 p.m. | 3 views

EUVD-2026-11740

wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows authenticated users to inject malicious scripts by submitting comments with unescaped content. Attackers with unfiltered_html capabilities can inject JavaScript...

CVSS 6.1 | AI score 5.7 | EPSS 0.00169
Exploits: 0 | References: 4

EUVD
added 2026/03/13 9:31 p.m. | 4 views

EUVD-2026-11742

wpDiscuz before 7.6.47 contains a shortcode injection vulnerability that allows attackers to execute arbitrary shortcodes by including them in comment content sent via email notifications. Attackers can inject shortcodes like contact-form-7 or usermeta in comments, which are executed server-side...

CVSS 6.9 | AI score 6 | EPSS 0.00362
Exploits: 0 | References: 4

NVD
added 2026/03/13 7:54 p.m. | 2 views

CVE-2026-22202

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments associated with an email address by crafting a malicious GET request with a valid HMAC key. Attackers can embed the deletecomments action URL in image tags or other resources to...

CVSS 8.1 | EPSS 0.00166
Exploits: 0 | References: 3

NVD
added 2026/03/13 7:54 p.m. | 2 views

CVE-2026-22204

wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the comment_author_email cookie. Attackers can craft a malicious cookie value that, when processed through urldecode and passed to wp_mail...

CVSS 6.3 | EPSS 0.00221
Exploits: 0 | References: 3

NVD
added 2026/03/13 7:54 p.m. | 3 views

CVE-2026-22191

Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can inject malicious expressions that are compiled and executed by...

CVSS 5.2 | EPSS 0.00362
Exploits: 0 | References: 5

NVD
added 2026/03/13 7:54 p.m. | 4 views

CVE-2026-22183

wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows authenticated users to inject malicious scripts by submitting comments with unescaped content. Attackers with unfiltered_html capabilities can inject JavaScript...

CVSS 6.1 | EPSS 0.00169
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/13 5:19 p.m. | 1 view

CVE-2026-29079

Lexbor is a web browser engine library. Prior to 2.7.0, a type‑confusion vulnerability exists in Lexbor’s HTML fragment parser. When ns = UNDEF, a comment is created using the “unknown element” constructor. The comment’s data are written into the element’s fields via an unsafe cast, corrupting th...

CVSS 8.2 | AI score 5.8 | EPSS 0.00263
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/03/13 1:18 a.m. | 4 views

CVE-2026-22204

wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the comment_author_email cookie. Attackers can craft a malicious cookie value that, when processed through urldecode and passed to wp_mail...

CVSS 6.3 | AI score 5.8 | EPSS 0.00221
Exploits: 0 | References: 4