CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

58930 matches found

Cvelist•added 2026/04/14 5:33 p.m.•31 views

CVE-2026-27245 Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79)

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session...

9.3CVSS0.00304EPSS

Exploits0References1

ATTACKERKB•added 2026/04/14 5:33 p.m.•2 views

CVE-2026-34614

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser...

6.1CVSS5.7AI score0.00187EPSS

Exploits0References2

Vulnrichment•added 2026/04/14 5:33 p.m.•6 views

CVE-2026-27245 Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79)

9.3CVSS5.2AI score0.00304EPSS

Exploits0References1

ATTACKERKB•added 2026/04/14 5:33 p.m.•2 views

CVE-2026-27243

9.3CVSS5.2AI score0.00304EPSS

Exploits0References2

Snyk•added 2026/04/14 4:15 p.m.•7 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:leaflet is a JavaScript library for mobile-friendly interactive maps Affected versions of this package are vulnerable to Cross-site Scripting XSS via the bindPopup method. An attacker can execute arbitrary JavaScript code in the context of a user's browser session by...

6.1CVSS5.9AI score0.00191EPSS

Exploits2References2

OSV•added 2026/04/14 3:30 p.m.•4 views

GHSA-M32F-8VH9-2HH3 Keycloak: Arbitrary code execution via Stored Cross-Site Scripting (XSS) in organization selection login page

A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with manage-realm or manage-organizations administrative privileges can exploit a Stored Cross-Site Scripting XSS vulnerability. This flaw occurs because the organization.alias is placed into an...

6.9CVSS6AI score0.00226EPSS

Exploits0References5

Github Security Blog•added 2026/04/14 3:30 p.m.•5 views

Keycloak: Arbitrary code execution via Stored Cross-Site Scripting (XSS) in organization selection login page

6.9CVSS6AI score0.00226EPSS

Exploits0References5Affected Software1

EUVD•added 2026/04/14 3:30 p.m.•3 views

EUVD-2025-209449

Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting XSS via the bindPopup method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes e.g., . When a victim...

6.1CVSS5.9AI score0.00191EPSS

Exploits2References3

NVD•added 2026/04/14 3:16 p.m.•4 views

CVE-2026-37980

6.9CVSS0.00226EPSS

Exploits0References2

OSV•added 2026/04/14 3:16 p.m.•4 views

DEBIAN-CVE-2025-69993

6.1CVSS5.5AI score0.00191EPSS

Exploits2References1

UbuntuCve•added 2026/04/14 3:16 p.m.•3 views

CVE-2025-69993

6.1CVSS5.9AI score0.00191EPSS

Exploits2References3

CVE•added 2026/04/14 2:54 p.m.•17 views

CVE-2026-37980

CVE-2026-37980 affects Keycloak, specifically the organization selection login page. The vulnerability arises because the organization.alias is inserted into an inline JavaScript onclick handler, enabling a remote attacker with manage-realm or manage-organizations privileges to trigger a Stored X...

6.9CVSS6AI score0.00226EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2026/04/14 2:54 p.m.•5 views

CVE-2026-37980

6.9CVSS6AI score0.00226EPSS

Exploits0References3

Cvelist•added 2026/04/14 2:54 p.m.•28 views

CVE-2026-37980 Org.keycloak.forms.login: keycloak: keycloak: arbitrary code execution via stored cross-site scripting (xss) in organization selection login page

6.9CVSS0.00226EPSS

Exploits0References2

Tenable Product Security Advisories•added 2026/04/14 2:54 p.m.•4 views

[R3] Tenable Identity Exposure Version 3.77.17 Fixes Multiple Vulnerabilities

R3 Tenable Identity Exposure Version 3.77.17 Fixes Multiple Vulnerabilities Aaron Roy Tue, 04/14/2026 - 10:54 Tenable Identity Exposure leverages third-party software to help provide underlying functionality. Several of the third-party components .NET Windows Server Hosting, NodeJS, Erlang OTP, S...

5.9AI score

Exploits0

RedhatCVE•added 2026/04/14 2:47 p.m.•2 views

CVE-2026-37980

6.9CVSS6AI score0.00226EPSS

Exploits0References3

GithubExploit•added 2026/04/14 10:57 a.m.•394 views

darksword-Exploit

🗡️ DarkSword — iOS Full-Chain Exploit Analysis Reference:...

8.8CVSS6.1AI score0.22216EPSS

Exploits16

SUSE CVE•added 2026/04/14 8:52 a.m.•4 views

SUSE CVE-2025-1015

The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book,...

7.8CVSS6.9AI score0.01276EPSS

Exploits0References7

NVD•added 2026/04/14 3:16 a.m.•3 views

CVE-2026-4388

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field Text Box input type in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization sanitizetextfield strips tags but not quotes and...

7.2CVSS0.00241EPSS

Exploits0References5

GithubExploit•added 2026/04/14 1:25 a.m.•108 views

coruna-exploit-kit-analysis

Coruna iOS Exploit Kit — Reverse Engineering Analysis Def...

5.8AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by