CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

58790 matches found

Cvelist•added 2026/03/31 8:17 p.m.•19 views

CVE-2026-3468

A stored Cross-Site Scripting XSS vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code...

0.00018EPSS

Exploits0References1

CVE•added 2026/03/31 8:17 p.m.•6 views

CVE-2026-3468

SonicWall Email Security appliance is affected by CVE-2026-3468—a stored XSS flaw caused by improper neutralization of user-supplied input during web page generation. The vulnerability requires a remote authenticated attacker with admin privileges and could allow arbitrary JavaScript execution in...

4.8CVSS6AI score0.00018EPSS

Exploits0References1Affected Software1

NVD•added 2026/03/31 6:16 p.m.•1 views

CVE-2026-32243

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an attacker with the ability to create shared AI conversations could inject arbitrary HTML and JavaScript via crafted...

6.1CVSS0.00052EPSS

Exploits0References2

RedhatCVE•added 2026/03/31 5:0 p.m.•1 views

CVE-2026-27508

Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browse...

5.4CVSS6AI score0.00039EPSS

Exploits0References1

NVD•added 2026/03/31 4:16 p.m.•1 views

CVE-2026-34240

JOSE is a Javascript Object Signing and Encryption JOSE library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...

7.5CVSS0.00013EPSS

Exploits0References2

NVD•added 2026/03/31 4:16 p.m.•0 views

CVE-2026-34221

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, a prototype pollution vulnerability exists in the Utils.merge helper used internally by MikroORM when merging object structures. The function did not prevent...

9.1CVSS0.00048EPSS

Exploits0References1

NVD•added 2026/03/31 4:16 p.m.•2 views

CVE-2026-34231

Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting XSS vulnerability exists in the % attrs % template tag of the slippers Django package. When a context variable containing untrusted data is passed to % attrs %, the value is interpolated into an HTML...

6.1CVSS0.00052EPSS

Exploits1References3

RedHat Linux•added 2026/03/31 4:12 p.m.•2 views

axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig

A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing proto as an own property. An attacker can trigger this by providing a malicious configuration object created via...

7.5CVSS6.7AI score0.00129EPSS

Exploits1References7

EUVD•added 2026/03/31 3:44 p.m.•3 views

EUVD-2026-17498

7.5CVSS5.8AI score0.00013EPSS

Exploits0References2

EUVD•added 2026/03/31 3:31 p.m.•0 views

EUVD-2026-17429

Stored cross-site scripting XSS in Checkmk 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature...

8.6CVSS6AI score0.00041EPSS

Exploits0References2

NVD•added 2026/03/31 3:16 p.m.•1 views

CVE-2026-20915

Stored cross-site scripting XSS in Checkmk version 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar...

8.5CVSS0.00037EPSS

Exploits0References1

OSV•added 2026/03/31 3:16 p.m.•3 views

UBUNTU-CVE-2026-20915

8.5CVSS5.7AI score0.00037EPSS

Exploits0References3

ATTACKERKB•added 2026/03/31 1:51 p.m.•4 views

CVE-2026-20915

8.5CVSS5.9AI score0.00037EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/03/31 1:51 p.m.•1 views

CVE-2026-20915 Stored cross-site scripting in Pending Changes sidebar

8.5CVSS5.9AI score0.00037EPSS

Exploits0References1

NVD•added 2026/03/31 9:16 a.m.•2 views

CVE-2025-41357

Reflected Cross-Site Scripting XSS vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...

6.1CVSS0.00013EPSS

Exploits0References1

Vulnrichment•added 2026/03/31 8:58 a.m.•1 views

CVE-2025-41357 Reflected Cross-Site Scripting on Anon Proxy Server

5.1CVSS6AI score0.00013EPSS

Exploits0References1

Veracode•added 2026/03/31 8:45 a.m.•6 views

Prototype Pollution

Axios is vulnerable to Prototype Pollution. The vulnerability is due to the mergeConfig function crashing with a TypeError when processing configuration objects containing proto as an own property, where an attacker can trigger this by providing a malicious configuration object created via...

7.5CVSS7AI score0.00129EPSS

Exploits1References7Affected Software2

NVD•added 2026/03/31 3:15 a.m.•1 views

CVE-2026-34043

Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service DoS vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object an object that inherits from Array.prototype but ha...

7.5CVSS0.00019EPSS

Exploits0References3