CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added 17 hours ago•13 views

Adobe Experience Manager ≤ 6.5.23.0 - XML Injection

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. id: CVE-2025-54251 info: name: Adobe Experience Manager ≤ 6.5.23.0 - XML Injection author: DhiyaneshDK,assetnote severity: medium description: |...

4.3CVSS5.8AI score0.09423EPSS

Exploits0

Nuclei•added yesterday•147 views

Sitecore Experience Platform <= 10.4 - Arbitrary File Read

An issue was discovered in Sitecore Experience Platform XP, Experience Manager XM, and Experience Commerce XC 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files. id: CVE-2024-46938 info: name: Sitecore Experience Platform = 10.4 - Arbitrary File...

7.5CVSS5.9AI score0.93431EPSS

NVD•added 3 days ago•8 views

CVE-2026-9024

A Stored Cross-site Scripting XSS vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x could allow an attacker to execute arbitrary script code in user's browser session...

8.7CVSS0.00032EPSS

EUVD•added 3 days ago•8 views

EUVD-2026-33604

Vulnrichment•added 3 days ago•5 views

CVE-2026-9024 Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x

CVE•added 3 days ago•15 views

CVE-2026-9024

The CVE-2026-9024 entry describes a Stored Cross-site Scripting (XSS) vulnerability in Process Experience Studio within DELMIA Service Process Engineer, affecting releases 3DEXPERIENCE R2024x through R2026x. The underlying issue allows an attacker to execute arbitrary script in a user’s browser s...

Cvelist•added 3 days ago•34 views

8.7CVSS0.00032EPSS

ATTACKERKB•added 3 days ago•6 views

CVE-2026-9024

Nuclei•added 3 days ago•10 views

Sitecore Experience Platform - Deserialization of Untrusted Data

Sitecore Experience Platform before 8.2 Update-7 and 9.0 before Update-2 is vulnerable to a remote code execution vulnerability CVE-2019-9874. An attacker can exploit this issue to execute arbitrary code on the affected system via a crafted request to the...

9.8CVSS8.3AI score0.87631EPSS

Exploits1References2

Nuclei•added 3 days ago•288 views

Sitecore - Remote Code Execution

Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. id: CVE-2023-35813 info: name: Sitecore - Remote Code Execution author: DhiyaneshDk,iamnoooob severity: critical description: | Multiple Sitecore...

9.8CVSS7.6AI score0.9358EPSS

Exploits7References5

CNNVD•added 3 days ago•4 views

AEM MCP Server code-related vulnerabilities

The AEM MCP Server is a model context protocol server developed by Indrasishbanerjee, designed for content, components, and asset management. The AEM MCP Server has a code vulnerability that stems from incorrect handling of the parameter assetPath in the getAssetMetadata function within the Axios...

6.5CVSS6.7AI score0.00043EPSS

Exploits0References6

CNNVD•added 3 days ago•3 views

Dassault Systèmes DELMIA Service Process Engineer security vulnerabilities

Dassault Systèmes DELMIA Service Process Engineer is a process planning software developed by Dassault Systèmes, a French company. There are security vulnerabilities in Dassault Systèmes DELMIA Service Process Engineer versions from 3DEXPERIENCE R2024x to 3DEXPERIENCE R2026x. These vulnerabilitie...

8.7CVSS6AI score0.00032EPSS

Positive Technologies•added 3 days ago•7 views

PT-2026-45388

NVD•added 2026/04/24 4:16 a.m.•2 views

CVE-2026-5488

The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks in the getadsaccesstoken and resetexperience AJAX handlers. While the mi-admin-nonce is localized...

5.3CVSS0.00049EPSS

Exploits0References8

OSV•added 2026/04/23 4:11 p.m.•1 views

MAL-2026-3018 Malicious code in microsoft-employee-experience (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c34bc4b2b8497b2f155f93295b0fe4b78eb94e7830684929547465d0b66b7a7 The package microsoft-employee-experience was found to contain malicious code. Source: ossf-package-analysis...

5.7AI score

Exploits0

CNVD•added 2026/04/15 12:0 a.m.•5 views

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2026-20002)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS5.6AI score0.00035EPSS

Exploits0

EUVD•added 2026/04/14 9:31 p.m.•5 views

EUVD-2026-22683

Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of thi...

5.4CVSS5.8AI score0.00035EPSS