CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10240 matches found

CNNVD•added 2026/05/12 12:0 a.m.•9 views

Adobe Commerce 跨站脚本漏洞

Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. Adobe Commerce has a cross-site scripting vulnerability, which stems from a storage-based cross-site scripting issue. This vulnerability could allow high-privilege attacke...

4.8CVSS5.6AI score0.00274EPSS

Exploits0References1

CNNVD•added 2026/05/12 12:0 a.m.•6 views

WordPress plugin Advanced Custom Fields Extended 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.5CVSS6.2AI score0.00381EPSS

Exploits0References1

CNNVD•added 2026/05/12 12:0 a.m.•9 views

Adobe Commerce 跨站脚本漏洞

4.8CVSS5.6AI score0.00368EPSS

Exploits0References1

Positive Technologies•added 2026/05/12 12:0 a.m.•8 views

PT-2026-40402

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may...

4.8CVSS5.8AI score0.00274EPSS

Exploits0References2

Positive Technologies•added 2026/05/12 12:0 a.m.•13 views

PT-2026-40456

Name of the Vulnerable Software and Affected Versions Advanced Custom Fields: Extended versions prior to 0.9.2.4 Description The Advanced Custom Fields: Extended plugin for WordPress allows unauthenticated attackers to execute arbitrary shortcodes. This occurs because the software fails to proper...

6.5CVSS6.1AI score0.00381EPSS

Exploits0References6

EUVD•added 2026/05/11 9:31 p.m.•6 views

EUVD-2026-29192

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cowsse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefixlines/2 function...

6.3CVSS6AI score0.00218EPSS

Exploits0References4

EUVD•added 2026/05/11 9:31 p.m.•39 views

EUVD-2026-29193

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cowcookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs...

2.1CVSS6AI score0.00145EPSS

Exploits0References4

Github Security Blog•added 2026/05/11 9:31 p.m.•9 views

cowlib: Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1

3.2CVSS6AI score0.00145EPSS

Exploits0References5Affected Software1

Github Security Blog•added 2026/05/11 9:31 p.m.•9 views

ninenines cowlib: Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability allows SSE event splitting and injection via unvalidated field values

6.3CVSS6AI score0.00218EPSS

Exploits0References6Affected Software1

OSV•added 2026/05/11 9:31 p.m.•2 views

GHSA-HV23-4QP7-8C8R ninenines cowlib: Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability allows SSE event splitting and injection via unvalidated field values

6.3CVSS6AI score0.00218EPSS

Exploits0References6

OSV•added 2026/05/11 9:31 p.m.•3 views

GHSA-G2WM-735Q-3F56 cowlib: Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1

3.2CVSS5.9AI score0.00145EPSS

Exploits0References5

CVE•added 2026/05/11 8:29 p.m.•10 views

CVE-2026-43874

CVE-2026-43874 affects WWBN AVideo up to version 29.0, involving YPTSocket message handling. The server-side strip that removes autoEvalCodeOnHTML only targets $json['msg'] and not other outbound carriers; the relay logic prefers $msg['json'] when present, causing an unauthenticated attacker who ...

7.2CVSS5.7AI score0.00238EPSS

Exploits0References2

GithubExploit•added 2026/05/11 7:55 p.m.•66 views

Exploit for CVE-2026-8161

CVE-2026-8161 Proof of concept of CVE-2026-8161 Multiparty...

5.8AI score0.00473EPSS

Exploits1

Snyk•added 2026/05/11 7:39 p.m.•6 views

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the returndynamicfilters.php process when handling the filtertarget parameter. An attacker can execute arbitrary HTML or scripts in the context of a user's browser ...

5.4CVSS5.8AI score0.00281EPSS

Exploits0References2

NVD•added 2026/05/11 7:16 p.m.•10 views

CVE-2026-43968

6.3CVSS0.00218EPSS

Exploits0References3

Github Security Blog•added 2026/05/11 6:31 p.m.•8 views

SQL injection vulnerability in pgAdmin 4 Maintenance Tool

SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields bufferusagelimit, vacuumparallel, vacuumindexcleanup, reindextablespace were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...

8.8CVSS6.2AI score0.00456EPSS

Exploits0References4Affected Software1

EUVD•added 2026/05/11 6:31 p.m.•7 views

EUVD-2026-29083

8.8CVSS6.2AI score0.00456EPSS

Exploits0References2

EUVD•added 2026/05/11 6:31 p.m.•9 views

EUVD-2026-29081

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

9.9CVSS6.1AI score0.00455EPSS

Exploits0References3