CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

41 matches found

OSV•added 2026/06/16 3:1 a.m.•5 views

MAL-2026-5860 Malicious code in solana-js-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 855cf386497f33e21db48ae8b87c769fd777f52b585f3d8d5f276fd4c9d42628 Package masquerades as a 'Drop-in replacement for @solana/web3.js' and lists its author as 'Solana Labs Maintainers ' to impersonate the legitimate...

5.4AI score

Exploits0References1

OSV•added 2026/05/25 7:2 p.m.•7 views

MAL-2026-4575 Malicious code in happy-dlscord.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d183bf51c0f2be0102a7a7aeeda661f895e3b075f183d76d5f0f77c09c70860 The package name 'happy-dlscord.js' is a one-character edit of the top-tier npm package 'discord.js' and ships a near-verbatim fork of the upstream...

5.8AI score

Exploits0References1

RedhatCVE•added 2026/03/26 3:13 p.m.•3 views

CVE-2025-13902

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server...

5.1CVSS5.9AI score0.00225EPSS

Exploits0References1

EUVD•added 2026/03/10 6:31 p.m.•4 views

EUVD-2025-208500

5.1CVSS5.9AI score0.00225EPSS

Exploits0References2

CVE•added 2026/03/10 5:6 p.m.•13 views

CVE-2025-13902

CVE-2025-13902 describes a Cross-site Scripting (CWE-79) vulnerability that can allow an authenticated attacker to cause a victim’s browser to execute arbitrary JavaScript when the victim visits a page containing a crafted element with the injected payload. The CVSS score is 5.1 (Medium) with NET...

5.4CVSS5.9AI score0.00225EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/03/10 5:6 p.m.•27 views

CVE-2025-13902

5.1CVSS0.00225EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:35 a.m.•5 views

CVE-2024-41453

A cross-site scripting XSS vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter...

4.8CVSS5.7AI score0.00336EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:49 a.m.•6 views

CVE-2022-27348

Social Codia SMS v1 was discovered to contain a stored cross-site scripting XSS vulnerability via addpost.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field...

4.8CVSS5.8AI score0.01051EPSS

Exploits3References1

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•3 views

Malicious code in geomorphology-materialize-perturbation-accretion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f950d80fddbff7c9f345af602935a4448041c71c6e3aa0a96f263a4b8a2207f1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score

Exploits0

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-52909