CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

59010 matches found

CNVD•added 2026/01/26 12:0 a.m.•5 views

MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10669)

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the Download Zip feature. An attacker could exploit the...

6.1CVSS5.8AI score0.00317EPSS

Exploits1References1

CNVD•added 2026/01/26 12:0 a.m.•7 views

MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-11737)

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the modifyUser feature. An attacker could exploit the...

6.1CVSS6.1AI score0.00235EPSS

Exploits1References1

CNVD•added 2026/01/26 12:0 a.m.•6 views

MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10670)

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the email failedjob feature. An attacker could exploit the...

6.1CVSS5.8AI score0.00286EPSS

Exploits1References1

Positive Technologies•added 2026/01/26 12:0 a.m.•4 views

PT-2026-4820

dcap-qvl implements the quote verification logic for DCAP Data Center Attestation Primitives. A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qe identity,...

9.3CVSS5.9AI score0.00208EPSS

Exploits0References2

CNVD•added 2026/01/26 12:0 a.m.•2 views

MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10668)

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. A cross-site scripting vulnerability exists in MedDream PACS Premium and is caused by improper validation of user-supplied input by the Modify Anonymization feature. An attacker could exploit the...

6.1CVSS5.7AI score0.0026EPSS

Exploits1References1

VulnCheck KEV•added 2026/01/26 12:0 a.m.•7 views

VulnCheck KEV: CVE-2020-16040

Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.5CVSS7.3AI score0.99595EPSS

In wildExploits14References2

CNNVD•added 2026/01/26 12:0 a.m.•5 views

Openfire cross-site scripting vulnerabilities

Openfire is a real-time collaboration server developed by Ignite Realtime. Version Openfire 4.6.0 contains a cross-site scripting vulnerability. This vulnerability stems from improper handling of the path parameter by the nodejs plugin, which may lead to storage-based cross-site scripting attacks...

6.4CVSS5.6AI score0.00253EPSS

Exploits0References5

CNNVD•added 2026/01/26 12:0 a.m.•7 views

Forma LMS cross-site scripting vulnerability

Forma LMS is an open-source learning management system developed by the Italian company Forma. Version 2.3 of Forma LMS contains a cross-site scripting vulnerability. This vulnerability stems from the storage-based cross-site scripting in the user name field, which may allow for the execution of...

6.4CVSS5.9AI score0.00195EPSS

Exploits0References3

Positive Technologies•added 2026/01/26 12:0 a.m.•7 views

PT-2026-4778

Xeroneit Library Management System 3.1 contains a stored cross-site scripting vulnerability in the Book Category feature that allows administrators to inject malicious scripts. Attackers can insert a payload in the Category Name field to execute arbitrary JavaScript code when the page is loaded...

6.4CVSS6.1AI score0.0031EPSS

Exploits0References5

GithubExploit•added 2026/01/25 2:51 p.m.•157 views

POC-Generator-Burp_Suite_Extension

🎯 POC Generator - Burp Suite Extension From vulnerability...

6.1AI score

Exploits0

NVD•added 2026/01/25 1:15 p.m.•5 views

CVE-2020-36932

SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded...

6.1CVSS0.00244EPSS

Exploits1References3

OSV•added 2026/01/25 1:15 p.m.•5 views

CVE-2020-36932

6.1CVSS5.8AI score

Exploits0References3

CVE•added 2026/01/25 1:4 p.m.•12 views

CVE-2020-36932

CVE-2020-36932 affects SeaCMS 11.1. The vulnerability is a stored cross-site scripting (XSS) in the checkuser parameter of the admin settings page. The underlying issue allows an attacker to inject JavaScript payloads that execute in users’ browsers when the page loads. Affected component: admin ...

6.1CVSS5.1AI score0.00244EPSS

Exploits1References3Affected Software1

RedhatCVE•added 2026/01/25 9:16 a.m.•12 views

CVE-2026-1191

The JavaScript Notifier plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 1.2.8. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the wpfooter action. This makes it possible...

4.4CVSS5.8AI score0.00199EPSS

Exploits0References1

Cvelist•added 2026/01/24 9:8 a.m.•30 views

CVE-2026-1191 JavaScript Notifier <= 1.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

4.4CVSS0.00199EPSS

Exploits0References4

Vulnrichment•added 2026/01/24 9:8 a.m.•4 views

CVE-2026-1191 JavaScript Notifier <= 1.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

4.4CVSS6AI score0.00199EPSS

Exploits0References3

CVE•added 2026/01/24 9:8 a.m.•15 views

CVE-2026-1191

CVE-2026-1191 concerns the WordPress plugin JavaScript Notifier, vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to 1.2.8. The root cause is insufficient input sanitization and output escaping on user-supplied attributes used in the wp_footer action. Exploitation ...

4.4CVSS5.8AI score0.00199EPSS

Exploits0References4

RedhatCVE•added 2026/01/24 3:17 a.m.•7 views

CVE-2025-69908

An unauthenticated information disclosure vulnerability in Newgen OmniApp allows attackers to enumerate valid privileged usernames via a publicly accessible client-side JavaScript resource...

7.5CVSS5.5AI score0.00381EPSS

Exploits1References1

EUVD•added 2026/01/24 12:5 a.m.•6 views

EUVD-2026-4613

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an payload containing a javascript: URI can be processed and executed in the browser context. This allow...

9.3CVSS5.4AI score0.00302EPSS

Exploits1References3

Vulnrichment•added 2026/01/24 12:5 a.m.•4 views

CVE-2026-24399 ChatterMate has Stored Cross-Site Scripting (XSS) via Chatbot Input Execution

9.3CVSS5.8AI score0.00302EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by