CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3249 matches found

Positive Technologies•added 2026/03/18 12:0 a.m.•4 views

PT-2026-26073

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.554 and earlier Jenkins LTS versions 2.541.2 and earlier Description The software does not safely handle symbolic links when extracting .tar and .tar.gz archives. This allows crafted archives to write files to arbitrary...

9CVSS6.1AI score0.0075EPSS

Exploits0References17

EUVD•added 2026/03/16 3:30 p.m.•2 views

EUVD-2016-10809

ZKTeco ZKBioSecurity 3.0 contains multiple reflected cross-site scripting vulnerabilities that allow attackers to execute arbitrary HTML and script code by injecting malicious payloads through unsanitized parameters in multiple scripts. Attackers can craft malicious URLs with XSS payloads in...

6.1CVSS5.9AI score0.00248EPSS

Exploits1References6

EUVD•added 2026/03/16 3:30 p.m.•1 views

EUVD-2015-9411

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by...

7.2CVSS5.9AI score0.00267EPSS

Exploits1References4

NVD•added 2026/03/16 2:17 p.m.•5 views

CVE-2015-20115

7.2CVSS0.00267EPSS

Exploits1References3

Vulnrichment•added 2026/03/15 6:34 p.m.•2 views

CVE-2015-20115 RealtyScript 4.0.2 Stored Cross-Site Scripting via File Upload Parameter

7.2CVSS5.9AI score0.00267EPSS

Exploits1References3

CVE•added 2026/03/11 6:23 p.m.•7 views

CVE-2019-25471

CVE-2019-25471 affects FileThingie 2.5.7. An arbitrary file upload vulnerability exists where ZIP archives sent to ft2.php can be unpacked to accessible directories, enabling upload and deployment of PHP shells and execution of arbitrary commands via extracted files. The underlying issue is an in...

9.8CVSS6AI score0.00903EPSS

Exploits1References3Affected Software1

Snyk•added 2026/03/11 4:39 a.m.•2 views

Cross-site Scripting (XSS)

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS. Adobe Vulnerability Report:This vulnerability could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields...

8.7CVSS5.5AI score0.00452EPSS

Exploits0References2

NVD•added 2026/03/11 3:15 a.m.•4 views

CVE-2026-21361

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting XSS vvulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript m...

8.1CVSS0.00445EPSS

Exploits0References1

OSV•added 2026/03/11 3:15 a.m.•2 views

CVE-2026-21284

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript ma...

8.1CVSS5.7AI score

Exploits0References1

ATTACKERKB•added 2026/03/11 1:22 a.m.•3 views

CVE-2026-2324

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.7. This is due to missing or incorrect nonce validation on the reloadpreview function. This makes it possible for...

6.1CVSS5.6AI score0.00095EPSS

Exploits0References3

NVD•added 2026/03/11 1:16 a.m.•2 views

CVE-2026-27263

Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority...

0.0003EPSS

Exploits0

NVD•added 2026/03/11 1:16 a.m.•4 views

CVE-2026-27248

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS0.00167EPSS

Exploits0References1

OSV•added 2026/03/11 1:16 a.m.•0 views

CVE-2026-27235

5.4CVSS5.7AI score0.00167EPSS

Exploits0References1

OSV•added 2026/03/11 1:16 a.m.•2 views

CVE-2026-27239

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.7AI score0.00167EPSS

Exploits0References1

NVD•added 2026/03/11 1:16 a.m.•5 views

CVE-2026-27231

5.4CVSS0.00205EPSS

Exploits0References1

OSV•added 2026/03/11 1:16 a.m.•2 views

CVE-2026-27224

5.4CVSS5.7AI score0.00205EPSS

Exploits0References1

NVD•added 2026/03/11 1:16 a.m.•2 views

CVE-2026-27224