3850 matches found

UbuntuCve
Added 2026/02/04 7:16 a.m. | Views: 3

CVE-2026-21393

Movable Type contains a stored cross-site scripting vulnerability in Edit Comment. If crafted input is stored by an attacker, arbitrary script may be executed on a logged-in user's web browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the...

CVSS 5.4 | AI score 6.3 | EPSS 0.00208
Exploits: 0 | References: 4

EUVD
Added 2026/02/04 7:2 a.m. | Views: 4

EUVD-2026-5437

Movable Type contains a stored cross-site scripting vulnerability in Edit Comment. If crafted input is stored by an attacker, arbitrary script may be executed on a logged-in user's web browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the...

CVSS 5.4 | AI score 5.2 | EPSS 0.00208
Exploits: 0 | References: 3

Vulnrichment
Added 2026/02/04 7:2 a.m. | Views: 2

CVE-2026-21393

Movable Type contains a stored cross-site scripting vulnerability in Edit Comment. If crafted input is stored by an attacker, arbitrary script may be executed on a logged-in user's web browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the...

CVSS 5.4 | AI score 5.2 | EPSS 0.00208
Exploits: 0 | References: 3

Cvelist
Added 2026/02/04 7:2 a.m. | Views: 24

CVE-2026-21393

Movable Type contains a stored cross-site scripting vulnerability in Edit Comment. If crafted input is stored by an attacker, arbitrary script may be executed on a logged-in user's web browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the...

CVSS 5.4 | EPSS 0.00208
Exploits: 0 | References: 3

CVE
Added 2026/02/04 7:2 a.m. | Views: 12

CVE-2026-21393

Movable Type CVE-2026-21393 is a stored cross-site scripting vulnerability in the Edit Comment feature. A crafted input stored by an attacker can cause arbitrary script execution in a logged-in user’s browser. Affected: Movable Type 7.x and 8.4.x (including EOL series). Root cause: stored XSS in ...

CVSS 5.4 | AI score 5.6 | EPSS 0.00208
Exploits: 0 | References: 3

RedhatCVE
Added 2026/02/04 3:15 a.m. | Views: 15

CVE-2025-67187

A stack-based buffer overflow vulnerability was identified in TOTOLINK A950RG V4.1.2cu.5204B20210112. The flaw exists in the setIpQosRules interface of /lib/cstemodules/firewall.so where the comment parameter is not properly validated for length...

CVSS 9.8 | AI score 5.7 | EPSS 0.00439
Exploits: 1 | References: 1

OSV
Added 2026/02/04 12:12 a.m. | Views: 1

GHSA-RH3R-8PXM-HG4W Navidrome has XSS via comment from song metadata

Summary An XSS vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. An attacker's maliciously crafted song has to be added to Navidrome to exploit the vulnerability. Details The frontend is using React. In...

CVSS 6.1 | AI score 5.7 | EPSS 0.00297
Exploits: 1 | References: 5

Github Security Blog
Added 2026/02/04 12:12 a.m. | Views: 11

Navidrome has XSS via comment from song metadata

Summary An XSS vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. An attacker's maliciously crafted song has to be added to Navidrome to exploit the vulnerability. Details The frontend is using React. In...

CVSS 6.1 | AI score 5.6 | EPSS 0.00297
Exploits: 1 | References: 5 | Affected Software: 1

Positive Technologies
Added 2026/02/04 12:0 a.m. | Views: 2

PT-2026-6325

Name of the Vulnerable Software and Affected Versions Navidrome versions prior to 0.60.0 Description Navidrome is a web-based music collection server and streamer. A cross-site scripting issue exists in the frontend that allows a malicious attacker to inject code through the comment metadata of a...

CVSS 6.1 | AI score 5 | EPSS 0.00297
Exploits: 1 | References: 11

CNNVD
Added 2026/02/04 12:0 a.m. | Views: 5

Movable Type cross-site scripting vulnerability

Movable Type is a content management system developed by Movable Type Inc. Movable Type has a cross-site scripting vulnerability, which stems from a stored-cross-site scripting vulnerability present in the comment editing feature. This vulnerability could allow arbitrary scripts to be executed on...

CVSS 5.4 | AI score 6.2 | EPSS 0.00208
Exploits: 0 | References: 4

Positive Technologies
Added 2026/02/04 12:0 a.m. | Views: 6

PT-2026-6098

Name of the Vulnerable Software and Affected Versions Movable Type versions 7.x and 8.4.x Description Movable Type has a stored cross-site scripting issue in the Edit Comment functionality. An attacker could execute arbitrary script in a logged-in user’s web browser by storing crafted input. The...

CVSS 5.4 | AI score 5.4 | EPSS 0.00208
Exploits: 0 | References: 5

OSV
Added 2026/02/03 10:16 p.m. | Views: 2

CVE-2020-37072

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'commentauthor' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers...

CVSS 6.1 | AI score 6
Exploits: 0 | References: 3

NVD
Added 2026/02/03 10:16 p.m. | Views: 6

CVE-2020-37072

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'commentauthor' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers...

CVSS 7.2 | EPSS 0.00234
Exploits: 1 | References: 3

Cvelist
Added 2026/02/03 10:1 p.m. | Views: 26

CVE-2020-37072 Victor CMS 1.0 - 'comment_author' Persistent Cross-Site Scripting

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'commentauthor' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers...

CVSS 7.2 | EPSS 0.00234
Exploits: 1 | References: 3

ATTACKERKB
Added 2026/02/03 10:1 p.m. | Views: 2

CVE-2020-37072

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'commentauthor' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers...

CVSS 7.2 | AI score 5.7 | EPSS 0.00234
Exploits: 1 | References: 3 | Affected Software: 1

OSV
Added 2026/02/03 6:16 p.m. | Views: 1

CVE-2025-67187

A stack-based buffer overflow vulnerability was identified in TOTOLINK A950RG V4.1.2cu.5204B20210112. The flaw exists in the setIpQosRules interface of /lib/cstemodules/firewall.so where the comment parameter is not properly validated for length...

CVSS 9.8 | AI score 6.2 | EPSS 0.00439
Exploits: 1 | References: 1

NVD
Added 2026/02/03 6:16 p.m. | Views: 4

CVE-2025-67187

A stack-based buffer overflow vulnerability was identified in TOTOLINK A950RG V4.1.2cu.5204B20210112. The flaw exists in the setIpQosRules interface of /lib/cstemodules/firewall.so where the comment parameter is not properly validated for length...

CVSS 9.8 | EPSS 0.00439
Exploits: 1 | References: 1

RedhatCVE
Added 2026/02/03 3:18 a.m. | Views: 7

CVE-2025-67475

A flaw was found in MediaWiki. This vulnerability, identified as an Improper Neutralization of Input During Web Page Generation Cross-site Scripting or XSS, allows a remote attacker to inject malicious scripts into web pages. This can lead to information disclosure, session hijacking, or arbitrar...

CVSS 4.6 | AI score 5.9 | EPSS 0.00211
Exploits: 0 | References: 4

NVD
Added 2026/02/03 2:16 a.m. | Views: 7

CVE-2025-67475

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6,...

CVSS 6.1 | EPSS 0.00211
Exploits: 0 | References: 1

EUVD
Added 2026/02/03 1:21 a.m. | Views: 5

EUVD-2025-206758

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6,...

AI score 5.3 | EPSS 0.00211
Exploits: 0 | References: 1