CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

267 matches found

Cvelist•added 2026/05/20 6:0 p.m.•22 views

CVE-2026-47099 TeleJSON < 6.0.0 DOM-based XSS via parse() Function

TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vulnerability in the parse function that allows attackers to execute arbitrary JavaScript by delivering a crafted JSON payload containing a malicious constructor-name property value. The custom reviver passes the constructor name...

6.1CVSS0.00036EPSS

Exploits0References3

ATTACKERKB•added 2026/05/20 6:0 p.m.•4 views

CVE-2026-47099

6.1CVSS6AI score0.00036EPSS

Exploits0References3

Tenable Nessus•added 2026/03/04 12:0 a.m.•2 views

Plone <= 6.0.5 Cross-Frame Scripting (CVE-2024-0669)

The detected version of the python package plone version 6.0.5 or prior. It is, therefore, affected by a cross-frame scripting vulnerability. A remote attacker can exploit this via cross-frame scripting to trick a user into opening a invisible i-frame to collect credentials or keystrokes. Note th...

7.1CVSS7.1AI score0.0005EPSS

Exploits0References2

RedhatCVE•added 2026/01/07 9:38 a.m.•4 views

CVE-1999-0871

Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability...

2.6CVSS6.8AI score0.11216EPSS

Exploits0References1

Packet Storm News•added 2025/12/01 12:0 a.m.•2 views

COGNITION: From Evaluation to Defense against Multimodal LLM CAPTCHA Solvers

This paper studies how multimodal large language models MLLMs undermine the security guarantees of visual CAPTCHA. We identify the attack surface where an adversary can cheaply automate CAPTCHA solving using off-the-shelf models. We evaluate 7 leading commercial and open-source MLLMs across 18...

6.9AI score

Exploits0