CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

58906 matches found

Positive Technologies•added 2026/03/24 12:0 a.m.•1 views

PT-2026-27421

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 149 Thunderbird versions prior to 149 Description A use-after-free issue exists in the JavaScript Engine component. This condition may allow for unexpected behavior. Recommendations Update Firefox to version 149 or...

10CVSS7.1AI score0.01238EPSS

Exploits1References54

FreeBSD•added 2026/03/24 12:0 a.m.•7 views

Mozilla -- Multiple vulnerabilities

CVE-2026-4688: Sandbox escape due to use-after-free in Disability Access APIs. CVE-2026-4695: Incorrect boundary conditions in the Audio/Video: Web Codecs component. CVE-2026-4697: Incorrect boundary conditions in the Audio/Video: Web Codecs component. CVE-2026-4700: Mitigation bypass in the...

10CVSS7.3AI score0.00505EPSS

Exploits0

Tenable Nessus•added 2026/03/24 12:0 a.m.•2 views

Fedora 43 : chromium (2026-ae897eb928)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ae897eb928 advisory. Update to 146.0.7680.153 CVE-2026-4439: Out of bounds memory access in WebGL CVE-2026-4440: Out of bounds read and write in WebGL CVE-2026-4441: Use...

8.8CVSS6.2AI score0.00415EPSS

Exploits1References27

NVD•added 2026/03/23 10:16 p.m.•2 views

CVE-2025-60948

Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied fields. A remote, authenticated attacker could store malicious javascript that executes in a victim's browser. Fixed in 8.1.0 alpha...

5.4CVSS0.00206EPSS

Exploits0References4

EUVD•added 2026/03/23 9:30 p.m.•3 views

EUVD-2024-55496

A Reflected Cross-Site Scripting XSS vulnerability exists in the POST request data zipPath of tiki-adminsystem.php in Tiki version 21.2. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or...

6.2AI score0.00195EPSS

Exploits1References4

CVE•added 2026/03/23 9:0 p.m.•8 views

CVE-2025-60948

CVE-2025-60948 affects Census CSWeb 8.0.1, which allows stored cross-site scripting in user-supplied fields. A remote, authenticated attacker could store malicious JavaScript that executes in a victim’s browser. The issue is fixed in version 8.1.0 alpha. If you use CSWeb, upgrade to 8.1.0 alpha o...

5.4CVSS5.6AI score0.00206EPSS

Exploits0References4Affected Software1

NVD•added 2026/03/23 8:16 p.m.•3 views

CVE-2026-33517

Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, when deleting a Tag tagdelete.php, improper escaping of its name when displaying the confirmation message allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript. Versi...

8.6CVSS0.00243EPSS

Exploits0References3

NVD•added 2026/03/23 8:16 p.m.•4 views

CVE-2026-32851

MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...

6.1CVSS0.00307EPSS

Exploits1References5

NVD•added 2026/03/23 8:16 p.m.•2 views

CVE-2026-32852

6.1CVSS0.00296EPSS

Exploits1References5

NVD•added 2026/03/23 8:16 p.m.•2 views

CVE-2026-33548

Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in Timeline myviewpage.php allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has...

8.6CVSS0.00196EPSS

Exploits0References2

NVD•added 2026/03/23 7:16 p.m.•2 views

CVE-2026-33683

WWBN AVideo is an open source video platform. In versions up to and including 26.0, a sanitization order-of-operations flaw in the user profile "about" field allows any registered user to inject arbitrary JavaScript that executes when other users visit their channel page. The xssesc function...

5.4CVSS0.00176EPSS

Exploits1References2

ATTACKERKB•added 2026/03/23 7:15 p.m.•3 views

CVE-2026-33548

8.6CVSS6AI score0.00196EPSS

Exploits0References3

ATTACKERKB•added 2026/03/23 7:13 p.m.•3 views

CVE-2026-33517

8.6CVSS6AI score0.00243EPSS

Exploits0References4

Vulnrichment•added 2026/03/23 7:13 p.m.•1 views

CVE-2026-33517 MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation

8.6CVSS6AI score0.00243EPSS

Exploits0References3

Vulnrichment•added 2026/03/23 7:6 p.m.•2 views

CVE-2026-32852 MailEnable < 10.55 Reflected XSS via FreeBusy.aspx StartDate Parameter

5.1CVSS6AI score0.00296EPSS

Exploits1References5

ATTACKERKB•added 2026/03/23 6:41 p.m.•2 views

CVE-2026-33683

5.4CVSS5.9AI score0.00176EPSS

Exploits1References3Affected Software1

Snyk•added 2026/03/23 6:14 p.m.•2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized processing of Bazaar package metadata. An attacker can execute arbitrary JavaScript code in the context of the application, potentially leading to remote code execution by submitting crafted...

9CVSS6.5AI score0.00549EPSS

Exploits2References3

Vulnrichment•added 2026/03/23 4:24 p.m.•4 views

CVE-2026-33500 AVideo Vulnerable to Stored XSS via Markdown `javascript:` URI Bypasses ParsedownSafeWithLinks Sanitization

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fix for CVE-2026-27568 GHSA-rcqw-6466-3mv7 introduced a custom ParsedownSafeWithLinks class that sanitizes raw HTML and tags in comments, but explicitly disables Parsedown's safeMode. This creates a bypass:...

5.4CVSS5.8AI score0.00218EPSS

Exploits1References2