CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/06/01 5:13 p.m.•7 views

EUVD-2026-33720

6.8CVSS5.7AI score0.00016EPSS

CVE•added 2026/06/01 5:13 p.m.•30 views

CVE-2026-45810

Summary: CVE-2026-45810 affects Nextcloud Server, where a missing relation check allows authenticated users with access to any file comment to read the content of all comments. Affected versions are 31.0.0–31.0.11 and 32.0.0–32.0.2; fixed in 31.0.12 and 32.0.3. Enterprise Server upgrades are prov...

6.8CVSS5.7AI score0.00016EPSS

Exploits0References3Affected Software1

CNNVD•added 2026/06/01 12:0 a.m.•3 views

NextCloud Server security vulnerabilities

NextCloud Server is an open-source NextCloud server program. There were security vulnerabilities in versions 31.0.0 to 31.0.12, and in versions 32.0.0 to 32.0.3 of NextCloud Server. These vulnerabilities stemmed from a lack of relational checks, which could allow authenticated users to read all...

6.8CVSS5.8AI score0.00016EPSS

Exploits0References4

Positive Technologies•added 2026/06/01 12:0 a.m.•5 views

PT-2026-45538

6.8CVSS5.7AI score0.00016EPSS

Exploits0References4

Positive Technologies•added 2026/06/01 12:0 a.m.•9 views

PT-2026-45488

Summary Type: Insecure Direct Object Reference. The comment endpoints POST /workspaces/workspace id/issues/issue id/comments and GET .../comments gate access on require workspace memberworkspace id only, then call CommentService.createissue id=issue id, ... and CommentService.list for issueissue ...

8.1CVSS5.9AI score

Tenable Nessus•added 2026/05/30 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-47762

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows...

Patchstack•added 2026/05/29 8:17 a.m.•6 views

WordPress Disable Comments for Any Post Types (Remove comments) plugin <= 1.3.0 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by dodoh4t in WordPress Plugin Disable Comments for Any Post Types Remove comments versions = 1.3.0...

7.1CVSS5.8AI score0.00052EPSS

Exploits0Affected Software1

Veracode•added 2026/05/29 4:37 a.m.•7 views

Stored Cross-Site Scripting (XSS)

TinyMCE is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of forged mce:protected comments, which allows an attacker to bypass content sanitization and inject malicious scripts that execute when the protected content is restored...

Exploits0References4Affected Software2

CNNVD•added 2026/05/29 12:0 a.m.•5 views

FastGPT 安全漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.15.0-beta1 contained a security vulnerability. This vulnerability stemmed from the JavaScript sandbox worker’s use of regular expressions. It test...

6.3CVSS5.9AI score0.0006EPSS

Snyk•added 2026/05/28 4:50 p.m.•7 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:tinymce is a WebJar for tinymce. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the mce:protected comments. An attacker can execute arbitrary scripts in the context of affected users by injecting malicious content that bypasses sanitizati...

Snyk•added 2026/05/28 4:50 p.m.•6 views

Cross-site Scripting (XSS)

Overview TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the mce:protected comments. An attacker can execute arbitrary scripts in the context of affected users by injecting malicious content that...

Snyk•added 2026/05/28 4:50 p.m.•8 views

Cross-site Scripting (XSS)

Overview tinymce is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the mce:protected comments. An attacker can execute arbitrary scripts in the context of affected users by injecting malicious content that...

NVD•added 2026/05/28 4:16 p.m.•11 views

CVE-2026-47762

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. Thi...

8.7CVSS0.00032EPSS

OSV•added 2026/05/28 4:16 p.m.•4 views

UBUNTU-CVE-2026-47762

CVE•added 2026/05/28 3:21 p.m.•22 views

Exploits0References5

CVE-2026-47762

CVE-2026-47762 affects TinyMCE, a widely used open source rich text editor. The flaw is a stored XSS via forged mce:protected comments present before version 5.11.1, 7.9.3, and 8.5.1. An attacker could bypass sanitization and insert scripts that execute when content is restored, impacting users w...

Exploits0References3Affected Software1

ATTACKERKB•added 2026/05/28 3:21 p.m.•13 views

CVE-2026-47762

Exploits0References4Affected Software1

Cvelist•added 2026/05/28 3:21 p.m.•30 views

CVE-2026-47762 TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments

8.7CVSS0.00032EPSS

Vulnrichment•added 2026/05/28 3:21 p.m.•10 views

CVE-2026-47762 TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments