CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

132 matches found

Amazon•added 2026/06/08 12:0 a.m.•6 views

Medium: python3.13

Issue Overview: http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie valu...

6.1CVSS5.4AI score0.00229EPSS

Exploits1

RedhatCVE•added 2026/06/05 7:26 p.m.•9 views

CVE-2026-39841

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.3CVSS5.4AI score0.00158EPSS

Exploits1References1

EUVD•added 2026/05/12 4:58 p.m.•8 views

EUVD-2026-29694

Improper neutralization of script-related html tags in a web page basic xss in Visual Studio Code allows an unauthorized attacker to execute code locally...

7.8CVSS6AI score0.00421EPSS

Exploits0References1

RedhatCVE•added 2026/05/12 2:27 a.m.•8 views

CVE-2026-40038

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

7.2CVSS6AI score0.00161EPSS

Exploits1References1

CNNVD•added 2026/05/07 12:0 a.m.•8 views

DivvyDrive 安全漏洞

DivvyDrive is a file storage and sharing management platform developed by DivvyDrive Inc. in Turkey. Versions of DivvyDrive from 4.8.2.9 to 4.8.3.2 contained security vulnerabilities. These vulnerabilities were caused by improper use of HTML tags related to scripts in web pages, which could lead ...

8.8CVSS5.6AI score0.00327EPSS

Exploits0References1

ATTACKERKB•added 2026/03/15 1:35 p.m.•4 views

CVE-2016-20032

ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holidayname' and 'memo' POST parameters. Attackers can submit crafted requests with script code i...

7.2CVSS6AI score0.00259EPSS

Exploits1References5Affected Software1

NVD•added 2025/10/22 3:15 p.m.•3 views

CVE-2025-58970

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in AmentoTech Doctreat doctreat allows Code Injection.This issue affects Doctreat: from n/a through = 1.6.7...

6.3CVSS0.00247EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•8 views

EUVD-2012-3383

Malware in sbrugna...

4.3CVSS6.1AI score0.02477EPSS

Exploits0References11

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2020-25220

Malware in sbrugna...

9.3CVSS9AI score0.01309EPSS

Exploits0References2