CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5780 matches found

Snyk•added 2026/02/05 5:41 p.m.•4 views

Cross-site Scripting (XSS)

Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ui.markdown function. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious HTM...

6.1CVSS5.6AI score0.00021EPSS

Exploits1References2

Github Security Blog•added 2026/02/05 5:41 p.m.•5 views

NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content

Description The ui.markdown component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled content through ui.markdown, an...

6.1CVSS5.4AI score0.00021EPSS

Exploits1References4Affected Software1

EUVD•added 2026/02/05 5:22 p.m.•4 views

EUVD-2025-206826

The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle MitM attack to execute JavaScript code o...

5.9CVSS5.8AI score0.00043EPSS

Exploits0References8

OSV•added 2026/02/05 5:16 p.m.•6 views

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...

6.1CVSS6.1AI score

Exploits0References2

Vulnrichment•added 2026/02/05 6:33 a.m.•3 views

CVE-2026-1953 Stored Cross Site Scripting(XSS) in Nukegraphic CMS V3.1.2

Nukegraphic CMS v3.1.2 contains a stored cross-site scripting XSS vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field before storing it in the database and rendering it across multiple CMS...

8.2CVSS5.6AI score0.00023EPSS

Exploits0References1

Cvelist•added 2026/02/05 12:0 a.m.•20 views

CVE-2025-70792

0.0002EPSS

Exploits1References2

EUVD•added 2026/02/05 12:0 a.m.•3 views

EUVD-2025-206823

6.1CVSS6.1AI score0.0002EPSS

Exploits1References2

ATTACKERKB•added 2026/02/05 12:0 a.m.•5 views

CVE-2025-70792

6.1CVSS6.1AI score0.0002EPSS

Exploits1References3

ATTACKERKB•added 2026/02/05 12:0 a.m.•2 views

CVE-2025-70791

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...

6.1CVSS6.1AI score0.0002EPSS

Exploits1References3

CVE•added 2026/02/05 12:0 a.m.•6 views

CVE-2025-70792

A cross-site scripting vulnerability (CVE-2025-70792) affects Microweber up to version 2.0.19, exposed via the /admin/category/create endpoint. The root cause is unsanitized manipulation of the rel_id parameter in a crafted URL, which can lure an admin-privileged user to visit the page and trigge...

6.1CVSS6.1AI score0.0002EPSS

Exploits1References2Affected Software1

RedhatCVE•added 2026/02/04 7:27 p.m.•3 views

CVE-2019-25264

Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users...

6.4CVSS5.4AI score0.00045EPSS

Exploits0References1

RedhatCVE•added 2026/02/04 1:20 p.m.•3 views

CVE-2026-1592

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before...

6.3CVSS5.4AI score0.00049EPSS

Exploits0References1

RedhatCVE•added 2026/02/04 1:20 p.m.•3 views

CVE-2026-1591

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. This issue affects...

6.3CVSS5.3AI score0.00049EPSS

Exploits0References1

NVD•added 2026/02/03 6:16 p.m.•4 views

CVE-2020-37103

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

6.4CVSS0.00061EPSS

Exploits1References4

OSV•added 2026/02/03 6:16 p.m.•2 views

CVE-2019-25264

6.4CVSS5.5AI score

Exploits0References4

Vulnrichment•added 2026/02/03 4:52 p.m.•4 views

CVE-2020-37103 DotNetNuke 9.5 - Persistent Cross-Site Scripting

6.4CVSS5.4AI score0.00061EPSS

Exploits1References4

EUVD•added 2026/02/03 4:52 p.m.•6 views

EUVD-2020-30988