CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

248 matches found

Packet Storm News•added 2026/02/02 12:0 a.m.•2 views

IlchCMS 2.1.37 Cross Site Scripting

A cross site scripting vulnerability exists in IlchCMS version 2.1.37. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score

Exploits0

NVD•added 2026/01/23 5:16 p.m.•3 views

CVE-2021-47906

BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious javascript payloads in the text field to execute scripts and potentially steal authenticated users...

6.4CVSS0.00197EPSS

Exploits0References4

Snyk•added 2026/01/10 3:31 p.m.•1 views

Cross-site Scripting (XSS)

Overview @questdb/web-console is a QuestDB Web Console Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Web Console component. An attacker can inject and execute arbitrary scripts by submitting crafted input that is not properly sanitized. Details Cross-site...

5.1CVSS6AI score0.00242EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 9:16 a.m.•2 views

CVE-2025-14110

The WP Js List Pages Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5AI score0.00242EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:35 a.m.•5 views

CVE-2019-7185

This cross-site scripting XSS vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions...

4.8CVSS5.9AI score0.01456EPSS

Exploits0References1

Cvelist•added 2026/01/06 3:52 p.m.•24 views

CVE-2020-36905 FIBARO System Home Center 5.021 Remote File Inclusion via Proxy API

FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the 'url' GET parameter to inject malicious JavaScript and potentially hijack user sessions or...

7.5CVSS0.00443EPSS

Exploits1References7

Positive Technologies•added 2026/01/01 12:0 a.m.•3 views

PT-2026-21575

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 145.0.7632.116 Description A flaw exists in Google Chrome's DevTools due to an inappropriate implementation. An attacker could potentially convince a user to install a malicious extension. This would allow the...

8.8CVSS5.3AI score0.0017EPSS

Exploits0References11

EUVD•added 2025/12/19 8:23 a.m.•1 views

EUVD-2025-204478

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibriblogposts shortcode in all versions up to, and including, 1.0.345 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS4.5AI score0.00275EPSS

Exploits0References4

Vulnrichment•added 2025/12/18 7:53 p.m.•1 views

CVE-2023-53737 Kentico Xperience <= 13.0.101 Localization Application Stored XSS

A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts of the administration interface...

5.1CVSS5.8AI score0.0014EPSS

Exploits0References2

EUVD•added 2025/12/18 12:34 a.m.•2 views

EUVD-2023-60219

Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into the excerpt, which will execute when the article is viewed by other users...

5.1CVSS5.6AI score0.00255EPSS

Exploits1References4

Packet Storm•added 2025/12/16 12:0 a.m.•138 views

📄 WordPress Omnipress 1.6.3 Cross Site Scripting

WordPress Omnipress plugin versions 1.6.3 and below suffer from a persistent cross site scripting vulnerability. CVE-2025-12163: Stored Cross-Site Scripting in Omnipress WordPress Plugin Keywords: CVE-2025-XXXXX, Omnipress WordPress vulnerability, stored XSS, WordPress security, authenticated XSS...

6.4CVSS6.4AI score0.00298EPSS

Exploits2

EUVD•added 2025/12/13 6:30 p.m.•3 views

EUVD-2025-203213

The YITH WooCommerce Quick View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's yithquickview shortcode in all versions up to, and including, 2.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS4.7AI score0.00274EPSS

Exploits0References5

RedhatCVE•added 2025/12/13 3:59 a.m.•4 views

CVE-2025-14048

The SimplyConvert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'simplyconverthash' option in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS5AI score0.00189EPSS

Exploits0References1

EUVD•added 2025/12/12 6:31 a.m.•2 views

EUVD-2025-203007

The WP Dropzone plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callback' shortcode attribute in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on user-supplied 'callback' attributes, which are evaluated as...

6.4CVSS4.8AI score0.00236EPSS

Exploits0References6

RedhatCVE•added 2025/12/11 7:1 p.m.•10 views

CVE-2025-64801

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.5AI score0.00205EPSS

Exploits0References1

EUVD•added 2025/12/10 9:31 p.m.•2 views

EUVD-2025-202572

5.4CVSS5AI score0.00205EPSS

Exploits0References2

NVD•added 2025/12/10 7:16 p.m.•3 views

CVE-2025-64604

5.4CVSS0.00205EPSS

Exploits0References1

OSV•added 2025/12/10 7:16 p.m.•5 views

CVE-2025-64575

5.4CVSS5.7AI score0.00205EPSS

Exploits0References1

CVE•added 2025/12/10 6:23 p.m.•11 views

CVE-2025-64797

Adobe Experience Manager (AEM) up to version 6.5.23 is affected by a stored Cross-Site Scripting (XSS) vulnerability that allows a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript can execute in a victim’s browser when accessing pages containin...

5.4CVSS5.1AI score0.00205EPSS

Exploits0References1Affected Software1

Cvelist•added 2025/12/10 6:23 p.m.•17 views

CVE-2025-64579 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

5.4CVSS0.00205EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by