CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

124 matches found

Astra Linux – Vulnerability in Firefox

Firefox’s HTML parser did not correctly interpret HTML comment tags, leading to inconsistencies with other browsers. This vulnerability could have been exploited to embed user-controlled data within HTML comments on pages. This issue affects Firefox versions prior to 101...

6.5CVSS6.3AI score0.00428EPSS

Exploits0References1

NVD•added 6 days ago•10 views

CVE-2026-11402

The Services Section Block – Showcase Service Details in Grid or Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'link' Block Attribute in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00212EPSS

Exploits0References4

Cvelist•added 6 days ago•21 views

CVE-2026-11402 Services Section Block <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Block Attribute

6.4CVSS0.00212EPSS

Exploits0References4

NVD•added 2026/04/02 8:16 a.m.•5 views

CVE-2026-5032

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...

7.5CVSS0.00956EPSS

Exploits0References3

CNNVD•added 2026/03/16 12:0 a.m.•4 views

Vulnogram 跨站脚本漏洞

Vulnogram is an open-source CVE vulnerability management and publishing tool developed by Vulnogram. Version 1.0.0 of Vulnogram contains a cross-site scripting vulnerability. This vulnerability stems from stored-xss annotations in HTML comments, which may allow remote attackers to inject XSS...

6.4CVSS5.9AI score0.00277EPSS

Exploits0References3

Packet Storm News•added 2026/02/10 12:0 a.m.•4 views

When Skills Lie: Hidden-Comment Injection in LLM Agents

LLM agents often rely on Skills to describe available tools and recommended procedures. We study a hidden-comment prompt injection risk in this documentation layer: when a Markdown Skill is rendered to HTML, HTML comment blocks can become invisible to human reviewers, yet the raw text may still b...

5.5AI score

Exploits0

RedhatCVE•added 2026/01/09 9:15 a.m.•8 views

CVE-2022-23549

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta16 on the beta and tests-passed branches, users can create posts with raw body longer than the maxlength site setting by including html comments that are not counted toward the...

6.5CVSS6.5AI score0.0057EPSS

Exploits0References1