CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

5.4CVSS5.4AI score0.00029EPSS

CVE-2026-8493

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting XSS. This issue affects Colorbox Inline: from 0.0.0 before 2.1.1...

CVE-2026-34679

CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service...

RedhatCVE•added 6 days ago•7 views

CVE-2026-34688

RedhatCVE•added 6 days ago•7 views

CVE-2026-34666

CVE-2026-34668

CVE-2026-34670

CVE-2026-34669

7.8CVSS5.4AI score0.00025EPSS

CVE-2026-21010

Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions...

6.8CVSS5.4AI score0.00046EPSS

CVE-2026-21021

Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity...

6.8CVSS5.4AI score0.0005EPSS

CVE-2026-21003

Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions...

RedhatCVE•added 6 days ago•8 views

CVE-2026-1782

The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 3.9.7 This is due to the payment integrations Stripe/PayPal trusting a user-submitted calculation field value without recomputing or validating it against the configured form pric...

5.3CVSS5.5AI score0.00072EPSS

7.5CVSS5.7AI score0.00068EPSS

CVE-2025-71256

In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...

8.7CVSS5.3AI score0.00041EPSS

CVE-2025-35990

Improper input validation for some Intel Endpoint Management Assistant EMA software before version 1.14.5 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable escalation...

RedhatCVE•added 6 days ago•4 views

CVE-2026-48968

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta Master Slider allows DOM-Based XSS. This issue affects Master Slider: from n/a through 3.10.8...

6.5CVSS5.4AI score0.00034EPSS

6.1CVSS5.4AI score0.00033EPSS

CVE-2026-39840

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

Exploits1References1

RedhatCVE•added 6 days ago•4 views

CVE-2026-41952

Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.93212, Acronis Cyber Protect Cloud Agent Windows before build 42183...

7.8CVSS7.2AI score0.00018EPSS

7.8CVSS7.2AI score0.00018EPSS

CVE-2026-41220

8.6CVSS5.5AI score0.00027EPSS

CVE-2026-9157

Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1...

7.2CVSS6.3AI score0.04792EPSS

CVE-2026-6973

A configuration control vulnerability in the Ivanti Endpoint Manager Mobile before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to inject arbitrary Apache directives, leading to remote code execution...