CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13456 matches found

Sitecore - Remote Code Execution

Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. id: CVE-2023-35813 info: name: Sitecore - Remote Code Execution author: DhiyaneshDk,iamnoooob severity: critical description: | Multiple Sitecore...

9.8CVSS7.6AI score0.86685EPSS

Exploits7References5

Nuclei•added 10 hours ago•8 views

Liferay Portal & DXP - Cross-Site Scripting

Liferay Portal 7.4.0 through 7.4.3.133 and Liferay DXP 2024.Q1.1 through 2025.Q1.4 contain a reflected XSS caused by improper sanitization in entrycoverimagecaption.jsp, letting remote non-authenticated attackers inject JavaScript. id: CVE-2025-4576 info: name: Liferay Portal & DXP - Cross-Site...

6.9CVSS5.9AI score0.00548EPSS

Exploits0References2

Nuclei•added 10 hours ago•12 views

Sitecore Experience Manager (XM) and Experience Platform (XP) - Hardcoded Credentials

Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...

7.5CVSS7.6AI score0.38428EPSS

Exploits6References3

Nuclei•added 10 hours ago•15 views

Adobe Experience Manager ≤ 6.5.23.0 - XML Injection

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. id: CVE-2025-54251 info: name: Adobe Experience Manager ≤ 6.5.23.0 - XML Injection author: DhiyaneshDK,assetnote severity: medium description: |...

4.3CVSS5.8AI score0.01609EPSS

Exploits0

Nuclei•added 10 hours ago•40 views

Adobe Experience Manager - XML External Entity Injection

Adobe Experience Manager 6.5, 6.4, 6.3 and 6.2 are susceptible to XML external entity injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2019-8086 info: name: Adobe...

7.5CVSS7.2AI score0.24257EPSS

Exploits0References5

Nuclei•added 14 hours ago•207 views

Sitecore Experience Platform <= 10.4 - Arbitrary File Read

An issue was discovered in Sitecore Experience Platform XP, Experience Manager XM, and Experience Commerce XC 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files. id: CVE-2024-46938 info: name: Sitecore Experience Platform = 10.4 - Arbitrary File...

7.5CVSS6AI score0.46077EPSS

Exploits0References2

Nuclei•added 14 hours ago•11 views

Sitecore Experience Platform - Deserialization of Untrusted Data

Sitecore Experience Platform before 8.2 Update-7 and 9.0 before Update-2 is vulnerable to a remote code execution vulnerability CVE-2019-9874. An attacker can exploit this issue to execute arbitrary code on the affected system via a crafted request to the...

9.8CVSS8.3AI score0.83857EPSS

Exploits1References2

Friends Of PHP•added 6 days ago•7 views

symfony/ux-icons XSS via unsanitized SVG content in local files and Iconify on-demand responses

Description The uxicon Twig function is marked issafe='html', so Twig never escapes its output. Icon::toHtml inlines the SVG source verbatim into the page. Browsers execute elements and on event-handler attributes found inside inline SVG, making any unsanitized icon a vector for cross-site...

6AI score

Exploits0Affected Software1

RedhatCVE•added 2026/06/10 9:4 p.m.•9 views

CVE-2026-48289

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...

3.5CVSS5.4AI score0.00299EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 9:4 p.m.•7 views

CVE-2026-48288

3.5CVSS5.4AI score0.0041EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 9:4 p.m.•8 views

CVE-2026-48301

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 9:4 p.m.•6 views

CVE-2026-48304

5.4CVSS5.4AI score0.00224EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 9:4 p.m.•8 views

CVE-2026-48300

5.4CVSS5.4AI score0.00224EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 9:3 p.m.•7 views

CVE-2026-48297

5.4CVSS5.4AI score0.00224EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 9:3 p.m.•9 views

CVE-2026-48280

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00283EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 9:3 p.m.•7 views

CVE-2026-48271

5.4CVSS5.5AI score0.00283EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 9:3 p.m.•9 views

CVE-2026-48299

5.4CVSS5.4AI score0.00224EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 9:3 p.m.•8 views

CVE-2026-48265