CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2 days ago•5 views

CVE-2026-10058

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

4.8CVSS5.5AI score0.00036EPSS

RedhatCVE•added 2 days ago•5 views

CVE-2026-4635

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to archive the channel before removing persistent notifications which allows authenticated user to crash the server via timing the creation of persistent notification message between the server deleting...

6.5CVSS5.4AI score0.00042EPSS

RedhatCVE•added 2 days ago•5 views

CVE-2026-6824

A stored cross-site scripting XSS vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend. When administrators o...

8.4CVSS5.2AI score0.00039EPSS

RedhatCVE•added 2 days ago•4 views

CVE-2026-33232

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service DoS through the server due to uncontrolled disk space consumption. The downloadagentfile...

7.5CVSS5.4AI score0.00071EPSS

NVD•added 3 days ago•4 views

CVE-2019-25744

WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the posttitle parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payloads...

6.4CVSS0.0003EPSS

Vulnrichment•added 3 days ago•5 views

CVE-2019-25744 WordPress Popup Builder 3.49 Persistent Cross-Site Scripting

Cvelist•added 3 days ago•25 views

CVE-2019-25744 WordPress Popup Builder 3.49 Persistent Cross-Site Scripting

6.4CVSS0.0003EPSS

ATTACKERKB•added 3 days ago•5 views

CVE-2019-25744

Exploits0References4Affected Software1

Cvelist•added 3 days ago•31 views

CVE-2019-25742 WordPress Theme Zoner Real Estate 4.1.1 Persistent XSS

WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execu...

6.4CVSS0.0003EPSS

CVE•added 3 days ago•7 views

CVE-2019-25739

GigToDo 1.3 is affected by a persistent cross-site scripting vulnerability accessible through the create_proposal endpoint, enabling authenticated attackers to inject JavaScript/HTML in the proposal description. When stored proposals are viewed by admins or other users, the payload can execute, p...

Vulnrichment•added 3 days ago•6 views

CVE-2019-25739 GigToDo Freelance Marketplace Script 1.3 Persistent XSS

GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers can craft XSS payloads in the createproposal endpoint that execute when administrators or other...

EUVD•added 3 days ago•4 views

EUVD-2019-20167

Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can inject script code through the name, subject, and message parameters in POST requests to...

7.2CVSS5.7AI score0.00081EPSS

Positive Technologies•added 3 days ago•10 views

PT-2026-46213

WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the pos...

6.4CVSS5.6AI score0.0003EPSS

Exploits0References5

RedhatCVE•added 4 days ago•5 views

CVE-2026-46253

A flaw was found in the Linux kernel's pstore/ram component. This vulnerability, a heap buffer overflow, occurs when the system attempts to save old persistent RAM logs and the buffer size changes, leading to an out-of-bounds write. While the conditions for exploitation are extremely difficult to...

7.8CVSS5.9AI score0.00012EPSS

NVD•added 4 days ago•6 views

CVE-2026-46253

In the Linux kernel, the following vulnerability has been resolved: pstore/ram: fix buffer overflow in persistentramsaveold persistentramsaveold can be called multiple times for the same persistentramzone e.g., via ramoopspstoreread - ramoopsgetnextprz for PSTORETYPEDMESG records. Currently, the...

7.8CVSS0.00012EPSS

Cvelist•added 4 days ago•31 views

CVE-2026-46253 pstore/ram: fix buffer overflow in persistent_ram_save_old()

7.8CVSS0.00012EPSS

ATTACKERKB•added 4 days ago•5 views

CVE-2026-46253

5.9AI score0.00012EPSS

Exploits0References9Affected Software1

CVE•added 4 days ago•7 views

CVE-2026-46253

In Linux kernel pstore/ram, CVE-2026-46253, the vulnerability is a heap buffer overflow during persistent_ram_save_old(). If the buffer size has grown since the first allocation, the code updates old_log_size to the new size and then copies with memcpy_fromio(), risking an out-of-bounds write (an...

7.8CVSS5.9AI score0.00012EPSS

EUVD•added 4 days ago•5 views

EUVD-2026-34115

5.9AI score0.00012EPSS