52 matches found

Vulnrichment
added 3 days ago, 5 views

CVE-2026-11195

Inappropriate implementation in MHTML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

AI score 5.5 | EPSS 0.00014
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/25 12:0 a.m., 3 views

PT-2026-28090

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.27; n8n versions prior to 2.13.3; n8n versions prior to 2.14.1. Description: n8n is a workflow automation platform. An authenticated user with appropriate permissions could create a workflow that generates HTML binary...

CVSS 9 | AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-1200

Malware in sbrugna...

CVSS 6.1 | AI score 6.1 | EPSS 0.01194
Exploits: 0 | References: 15
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-1398

Malware in sbrugna...

CVSS 6.1 | AI score 6.5 | EPSS 0.65532
Exploits: 0 | References: 17
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-31992

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00093
Exploits: 0 | References: 1
Tenable Nessus
added 2025/08/27 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-33829

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executab...

CVSS 6.1 | AI score 6.4 | EPSS 0.65532
Exploits: 0 | References: 2
CNNVD
added 2025/01/17 12:0 a.m., 3 views

KaTeX Security Vulnerability

KaTeX is a fast, easy-to-use JavaScript library open-sourced by KaTeX for TeX math rendering on the web. A security vulnerability exists in KaTeX prior to version v0.16.21, which stems from the htmlData command that allows embedding of HTML data, and an improper configuration of the trust option...

CVSS 7.2 | AI score 6.5 | EPSS 0.00038
Exploits: 0 | References: 4
NVD
added 2025/01/14 1:15 a.m., 6 views

CVE-2025-0059

Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input in the local browser storage to improve usability. An attacker with administrative privileges or access to the victim's user directory on the Operating System level would be able to read this data...

CVSS 6 | EPSS 0.00024
Exploits: 0 | References: 2
Vulnrichment
added 2024/08/08 4:31 a.m., 14 views

CVE-2024-5668 Lightbox & Modal Popup WordPress Plugin – FooBox <= 2.7.28 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes

The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

CVSS 6.4 | AI score 5.7 | EPSS 0.00218
Exploits: 0 | References: 2
Patchstack
added 2024/07/01 3:52 a.m., 1 view

WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.2.45 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes vulnerability

Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes vulnerability discovered by Webbernaut in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions <= 3.2.45...

CVSS 6.4 | AI score 6 | EPSS 0.00218
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2024/03/06 11:8 a.m., 19 views

BIT-MOODLE-2021-36401

In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk...

CVSS 4.8 | AI score 4.8 | EPSS 0.00265
Exploits: 0 | References: 2
OSV
added 2024/03/06 10:55 a.m., 19 views

BIT-DRUPAL-2020-9281

A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax)...

CVSS 6.1 | AI score 5.5 | EPSS 0.01194
Exploits: 0 | References: 10
OSV
added 2024/03/06 10:55 a.m., 26 views

BIT-DRUPAL-2021-33829

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled...

CVSS 6.1 | AI score 5.8 | EPSS 0.65532
Exploits: 0 | References: 7
SUSE CVE
added 2024/01/30 3:1 a.m., 1 view

SUSE CVE-2021-33829

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled...

CVSS 6.1 | AI score 6.9 | EPSS 0.65532
Exploits: 0 | References: 3
Tenable Nessus
added 2023/10/23 12:0 a.m., 33 views

Ubuntu 16.04 ESM : CKEditor vulnerabilities (USN-5340-2)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5340-2 advisory. USN-5340-1 fixed several vulnerabilities in CKEditor. This update provides the fixes for CVE-2018-9861, CVE-2020-9281, CVE-2021-32809, CVE-2021-33829 and...

CVSS 7.3 | AI score 6.6 | EPSS 0.65532
Exploits: 0 | References: 6
RedHat Linux
added 2023/10/04 1:48 p.m., 2 views

libvpx: Heap buffer overflow in vp8 encoding in libvpx

A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a w...

CVSS 8.8 | AI score 7.8 | EPSS 0.04976
Exploits: 3 | References: 6
Github Security Blog
added 2023/03/07 12:30 a.m., 21 views

Moodle vulnerable to Stored Cross-site Scripting

In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk...

CVSS 4.8 | AI score 5.5 | EPSS 0.00265
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2023/03/07 12:30 a.m., 26 views

GHSA-G6H6-4FP6-W33W Moodle vulnerable to Stored Cross-site Scripting

In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk...

CVSS 4.8 | AI score 4.8 | EPSS 0.00265
Exploits: 0 | References: 3
NVD
added 2023/03/06 10:15 p.m., 16 views

CVE-2021-36401

In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk...

CVSS 4.8 | AI score 4.7 | EPSS 0.00265
Exploits: 0 | References: 1
OSV
added 2023/03/06 10:15 p.m., 20 views

CVE-2021-36401

In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk...

CVSS 4.8 | AI score 4.9
Exploits: 0 | References: 1