CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

58709 matches found

CVE-2026-41031

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...

9.3CVSS5.6AI score0.00044EPSS

Exploits0References1

CVE•added 1 hour ago•3 views

CVE-2026-53693

A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side rendering paths interpolated tag names, collection names, entity identifiers, cluster names, and tag metadata directly into HTML, HTML attributes, inline JavaScript event handlers, and CSS...

6.9CVSS5.5AI score

Exploits0References1

RedhatCVE•added 2 hours ago•1 views

CVE-2026-53472

A flaw was found in migration-planner. Insufficient validation of the AgentStatusUpdate.CredentialUrl field allows an authenticated attacker to store a malicious javascript: URL. When a victim views this URL in the Hybrid Cloud Console, it can lead to Cross-Site Scripting XSS, enabling script...

5.6AI score

Exploits0References3

Cvelist•added 2 hours ago•2 views

CVE-2026-53473 Migration-planner-ui-app: stored xss via javascript: url in agent credential link

A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser...

7.3CVSS

Exploits0References3

Vulnrichment•added 2 hours ago•2 views

CVE-2026-53473 Migration-planner-ui-app: stored xss via javascript: url in agent credential link

7.3CVSS5.3AI score

Exploits0References3

EUVD•added 2 hours ago•2 views

EUVD-2026-36029

7.3CVSS5.3AI score

Exploits0References3

RedhatCVE•added 7 hours ago•4 views

CVE-2026-8981

The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfilteredhtml capability across all paths that write to its block template code fields, allowing administrators on multisite installations or single-site installs with DISALLOWUNFILTEREDHTML defined to inject...

3.5CVSS5.7AI score0.00027EPSS

Exploits0References1

RedhatCVE•added 7 hours ago•3 views

CVE-2026-8907

The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing nonce validation on the processinit function hooked to admininit, which saves plugin settings zoom-level, focus-lat, focus-lng, selplaces, selroutes v...

6.1CVSS5.5AI score0.00012EPSS

Exploits0References1

RedhatCVE•added 7 hours ago•4 views

CVE-2026-7662

The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'publicationid' attribute of the epaperflipembed shortcode in all versions up to, and including, 1. This is due to insufficient input sanitization and output escaping on the shortcode attribute whic...

6.4CVSS5.7AI score0.00029EPSS

Exploits0References1

Nuclei•added 11 hours ago•16 views

WordPress Loco Translate < 2.6.1 - Cross-Site Scripting

Loco Translate WordPress plugin before 2.6.1 contains a stored cross-site scripting vulnerability caused by improper removal of inline events from source translation strings, allowing authenticated users to inject arbitrary JavaScript payloads. id: CVE-2022-0765 info: name: WordPress Loco Transla...

5.4CVSS5.8AI score0.02742EPSS

Exploits4References3

Nuclei•added 11 hours ago•13 views

123Solar 1.8.4.5 - Cross-Site Scripting

123Solar 1.8.4.5 is vulnerable to reflected cross-site scripting XSS via the date1 parameter in detailed.php. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2024-9007 info: name: 123Solar 1.8.4.5 - Cross-Site Scripting author: ritikchaddha...

5.4CVSS5.3AI score0.03711EPSS

Exploits1References2

Nuclei•added 11 hours ago•39 views

NeDi 1.9C - Cross-Site Scripting

NeDi 1.9C is vulnerable to cross-site scripting because of an incorrect implementation of sanitize in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a...

6.1CVSS6AI score0.15743EPSS

Exploits0References4

Nuclei•added 11 hours ago•23 views

rConfig 3.9.4 - Cross-Site Scripting

rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php id: CVE-2020-12259 info: name: rConfig 3.9.4 - Cross-Site Scripting...

5.4CVSS6.6AI score0.68306EPSS

Exploits0References5

Nuclei•added 11 hours ago•26 views

ZZcms - Cross-Site Scripting

ZZcms 2019 contains a cross-site scripting vulnerability in the user login page. An attacker can inject arbitrary JavaScript code in the referer header via user/login.php, which can allow theft of cookie-based credentials and launch of subsequent attacks. id: CVE-2020-20285 info: name: ZZcms -...

5.4CVSS5.9AI score0.06066EPSS

Exploits1References3

Nuclei•added 11 hours ago•30 views

ClinicCases 7.3.3 Cross-Site Scripting

ClinicCases 7.3.3 is susceptible to multiple reflected cross-site scripting vulnerabilities that could allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft. id: CVE-2021-38704 info: name:...

6.1CVSS6.2AI score0.04987EPSS

Exploits1References5

Nuclei•added 11 hours ago•58 views

Frigate < 0.13.0 Beta 3 - Cross-Site Scripting

Frigate is an open source network video recorder. Before version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the / base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both kn...

4.7CVSS5.6AI score0.32137EPSS

Exploits1References3

Nuclei•added 11 hours ago•23 views

MeterSphere < 2.5.0 SSRF

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in...

7.2CVSS6.2AI score0.23569EPSS

Exploits1References4

Nuclei•added 11 hours ago•62 views

Atlassian Jira WallboardServlet <7.13.1 - Cross-Site Scripting

The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the cyclePeriod parameter. id: CVE-2018-20824 info: name: Atlassian Jira WallboardServlet 7.13.1 - Cross-Site Scripting author:...

6.1CVSS6.2AI score0.17834EPSS

Exploits0References5

Nuclei•added 11 hours ago•40 views

WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting

WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php. id: CVE-2017-17059 info: name: WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress...

6.1CVSS6.1AI score0.0068EPSS

Exploits1References4

Nuclei•added 11 hours ago•32 views

AvantFAX 3.3.3 - Cross-Site Scripting

AvantFAX 3.3.3 contains a cross-site scripting vulnerability via an arbitrary parameter name submitted to the default URL, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1. id: CVE-2017-18024 info: name: AvantFAX 3.3.3 - Cross-Site Scripting author: pikpikc...

6.1CVSS6.2AI score0.08402EPSS

Exploits2References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by