CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1654 matches found

Wordpress Multiple Themes - Reflected Cross-Site Scripting

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...

6.1CVSS6.8AI score0.02549EPSS

Exploits2References3

Nuclei•added yesterday•10 views

Guten Free Options - Cross Site Scripting

Guten Free Options WordPress plugin = 0.9.5 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to click malicious link. id: CVE-2024-13492 info: name: Guten Free...

6.1CVSS7.6AI score0.02463EPSS

Exploits1References1

Nuclei•added yesterday•8 views

Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

6.1CVSS7.6AI score0.02302EPSS

Exploits1References2

RedhatCVE•added yesterday•5 views

CVE-2026-46546

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain user-editable fields that, when surfaced in page metadata, caused visitors' browsers to navigate to...

2.1CVSS5.3AI score0.00047EPSS

Exploits0References1

NVD•added 2 days ago•5 views

CVE-2026-46546

2.1CVSS0.00047EPSS

Exploits0References1

EUVD•added 3 days ago•4 views

EUVD-2026-35624

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect Open Redirect vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site. Exploitation of this iss...

4.3CVSS5.5AI score0.00041EPSS

Exploits0References2

NVD•added 3 days ago•3 views

CVE-2026-47991

6.1CVSS0.00041EPSS

Exploits0References1

CVE•added 3 days ago•5 views

CVE-2026-47991

Adobe Experience Manager (AEM) 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Open Redirect vulnerability (CWE-601). An attacker can induce a user to click a malicious URL that redirects to a site under the attacker’s control, potentially enabling account takeover. Exploitation requires ...

6.1CVSS5.5AI score0.00041EPSS

Exploits0References1Affected Software1

Vulnrichment•added 3 days ago•5 views

CVE-2026-47991 Adobe Experience Manager | URL Redirection to Untrusted Site ('Open Redirect') (CWE-601)

4.3CVSS5.5AI score0.00041EPSS

Exploits0References1

Positive Technologies•added 3 days ago•6 views

PT-2026-47528

SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system...

4.2CVSS5.6AI score0.0003EPSS

Exploits0References3

Positive Technologies•added 3 days ago•5 views

PT-2026-48081

4.3CVSS5.5AI score0.00041EPSS

Exploits0References2

RedhatCVE•added last week•3 views

CVE-2026-44925

Cross-Site Request Forgery CSRF vulnerability in InfoScale v.9.1.3 Operations Manager VIOM allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on VIOM web application without the user's knowledge...

8.8CVSS5.5AI score0.00004EPSS

Exploits0References1

RedhatCVE•added last week•6 views

CVE-2026-20233

A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed. This vulnerability...

6.1CVSS5.8AI score0.00022EPSS

Exploits0References1

RedhatCVE•added last week•6 views

CVE-2026-20170

A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed. This...

6.1CVSS5.3AI score0.00054EPSS

Exploits0References1

RedhatCVE•added last week•7 views

CVE-2026-34660

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially...

9.3CVSS6.1AI score0.00313EPSS

Exploits0References1

NVD•added 2026/06/03 6:16 p.m.•7 views

CVE-2026-20233

6.1CVSS0.00022EPSS

Exploits0References1

Vulnrichment•added 2026/06/03 4:6 p.m.•7 views

CVE-2026-20233 Cisco Webex Meetings Cross-Site Scripting Vulnerability

6.1CVSS6AI score0.00022EPSS

Exploits0References1

Cvelist•added 2026/06/03 4:6 p.m.•37 views

CVE-2026-20233 Cisco Webex Meetings Cross-Site Scripting Vulnerability

6.1CVSS0.00022EPSS

Exploits0References1

CVE•added 2026/06/03 4:6 p.m.•22 views

CVE-2026-20233

Cisco Webex Meetings web UI vulnerable to cross-site scripting (XSS) due to insufficient input validation. Exploitation requires a user to follow a malicious link, enabling arbitrary script execution in the target’s browser and potential access to browser-based information. Affected: web-based us...

6.1CVSS6AI score0.00022EPSS

Exploits0References1Affected Software1