25 matches found
EUVD-2026-31380
Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with...
CVE-2026-8139 Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName
Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with...
CVE-2026-8139
Concrete CMS versions 9.5.0 and earlier are vulnerable to stored XSS on the external-link page cvName due to updateCollectionAliasExternal bypassing sanitization. The issue is triggered by the sanitize bypass in updateCollectionAliasExternal, enabling stored scripts delivered to users. Affected p...
CVE-2026-8139
Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with...
PT-2026-42581
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions prior to 9.5.1. Description: Stored Cross-Site Scripting (XSS) occurs via the 'external-link' page cvName because the updateCollectionAliasExternal function bypasses sanitization. Stored XSS is a flaw where malicious scripts...
CVE-2026-33954 LinkAce discloses private notes to unauthorized authenticated users via the web link detail page
LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...
WordPress Short Link plugin cross-site scripting vulnerability
The WordPress Short Link plugin is a tool for generating and managing short links (shortlinks). A cross-site scripting vulnerability exists in the WordPress Short Link plugin, which stems from insufficient input sanitization and output escaping of the shortlinkposttitle and shortlinkpagetitle...
CVE-2024-58299
creationtimestamp | type | source
---|---|---
2025-12-12 20:55:33+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m7sxxqvu6g2m...
EUVD-2010-2050
Malware in sbrugna...
EUVD-2022-34475
Malicious code in bioql PyPI...
CVE-2022-2192
CVE-2022-2192 describes a forced browsing vulnerability in HYPR Server spanning versions 6.10 to 6.15.1. An attacker with a valid one-time recovery token can perform path tampering on the Magic Link page to elevate privileges, yielding a remote, network-attack surface with high impact to confiden...
GSD-2022-1001912 mm,hwpoison: unmap poisoned page before invalidation
mm,hwpoison: unmap poisoned page before invalidation This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.33 by commit...
CVE-2018-18740
An XSS issue was discovered in SEMCMS 3.4 via the first input field to the admin/SEMCMSLink.php?lgid=1 URI...
CVE-2018-18721
An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5...
SQL Injection Vulnerability in MIPCMS ApiAdminLink.php Page
MIPCMS is a free and open-source content management system for articles and information, developed on the Baidu Mobile Accelerator (MIP) engine, and also an SEO-optimized site-building system for Internet webmasters, entrepreneurs and other groups. A...
CVE-2016-4334
Jive before 2016.3.1 has an open redirect from the external-link.jspa page...
CVE-2010-2030
Cross-site scripting (XSS) vulnerability in the External Link Page module 5.x before 5.x-1.0 and 6.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the administration and redirect pages...
CVE-2010-2030
CVE-2010-2030 describes a Cross-Site Scripting (XSS) flaw in Drupal’s External Link Page module for versions 5.x < 5.x-1.0 and 6.x