CVE-2026-34033
CVE-2026-34033 affects Apache Answer up to version 2.0.0. The issue is an HTML content injection (basic XSS) where user-supplied content included in notification emails was not properly escaped, allowing authenticated users to inject arbitrary HTML into emails sent to other users. The CVSS vector...
EUVD-2019-7650
Malware in sbrugna...
EUVD-2022-49962
Malicious code in bioql PyPI...
EUVD-2024-39152
Malicious code in bioql PyPI...
EUVD-2024-1857
Malicious code in bioql PyPI...
CVE-2024-41707
An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data stor...
CVE-2019-17233
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection...
CVE-2024-41707
Archer Platform (v6) prior to 2024.06 is vulnerable to stored HTML content injection. Authenticated users can store malicious HTML in the trusted application data store, which is then executed by victim users’ browsers in the vulnerable app context. Remediation cited in available sources is to up...
CVE-2023-45635 WordPress Responsive Tabs plugin < 4.0.6 - HTML Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WP Darko Responsive Tabs allows Code Injection. This issue affects Responsive Tabs: from n/a before 4.0.6...
CVE-2023-48642
Archer Platform 6.x before 6.13 P2 (6.13.0.2) contains an authenticated HTML content injection vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through...
Archer Platform Security Vulnerability
Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform version 6.x prior to 6.13 P2 (6.13.0.2) that stems from the presence of an HTML content injection vulnerability...
CVE-2023-48642
CVE-2023-48642 affects Archer Platform 6.x up to 6.13 P2 (6.13.0.2). The issue is an authenticated HTML content injection vulnerability in the data store; a remote authenticated Archer user can store malicious HTML code in a trusted application data store, with victim users’ browsers executing it...
GHSA-M2R2-QC49-GQW4 Gleez CMS Stored XSS
Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode ...
Default development error handler in Ratpack is vulnerable to HTML content injection (XSS)
Versions of Ratpack from 0.9.10 through 1.7.5 are vulnerable to CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (aka. XSS) in the development error handler. An attacker can utilize this to perform XSS when an exception message contains untrusted data. As a...
CVE-2019-17233
The CVE affects WordPress plugin Ultimate FAQ (WordPress) up to version 1.8.24. The vulnerability originates in Functions/EWD_UFAQ_Import.php, allowing unauthenticated HTML content injection during FAQ import, potentially exposing malicious content to site visitors. Exploitation details are not p...