CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

243 matches found

Japan Vulnerability Notes•added 2026/05/21 8:22 a.m.•6 views

Android App "RoboForm Password Manager" insufficient validation of Android intents

Overview Android App "RoboForm Password Manager" provided by Siber Systems, Inc. accepts intents from other applications to open relevant web pages e.g., login pages, but without sufficient URL validation, user confirmation nor notification. Insufficient UI Warning of Dangerous Operations CWE-357...

4.6CVSS5.8AI score0.00023EPSS

Exploits0References5

Positive Technologies•added 2026/04/22 12:0 a.m.•6 views

PT-2026-37152

Name of the Vulnerable Software and Affected Versions i18nextify versions prior to 4.0.8 Description The software substitutes key interpolation tokens within src and href attribute values using the raw string from i18next.t. The substitution logic in the replaceInside handler within src/localize....

4.7CVSS6AI score0.00035EPSS

Exploits0References6

Positive Technologies•added 2026/04/09 12:0 a.m.•4 views

PT-2026-31730

Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, type id, distance, facilities, categories, prices, location, and Itemid. Attackers can...

6.1CVSS5.8AI score0.00095EPSS

Exploits0References5

GithubExploit•added 2026/03/30 3:43 p.m.•533 views

Exploit for Embedded Malicious Code in Aquasec Setup-Trivy

CVE-2026-33634-Scanner !License: MIThttps://img.shields.i...

9.4CVSS6AI score0.26577EPSS

Exploits2

CNNVD•added 2026/03/26 12:0 a.m.•4 views

GDTaller 跨站脚本漏洞

GDTaller is a digital certificate and electronic seal management system developed by the Spanish company GDTaller. GDTaller has a cross-site scripting vulnerability, which originates from the site parameter in the apprecuperarclave.php file. This vulnerability could allow attackers to execute...

6.1CVSS5.7AI score0.00013EPSS

Exploits0References1

OSV•added 2026/02/27 7:16 p.m.•4 views

CVE-2026-27756

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a reflected cross-site scripting vulnerability in the management interface where user input is not properly encoded before output. Attackers can craft malicious URLs that execute arbitrary JavaScript in the web interface when...

6.1CVSS5.8AI score0.00039EPSS

Exploits0References2

NVD•added 2026/01/28 1:15 p.m.•4 views

CVE-2020-36988

PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...

5.4CVSS0.00016EPSS

Exploits0References3

OSV•added 2026/01/20 3:17 p.m.•3 views

CVE-2025-58092

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS5.9AI score

Exploits0References1