CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7578 matches found

ATTACKERKB•added 2026/02/03 6:0 p.m.•1 views

CVE-2025-52633

HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0...

3.1CVSS5.3AI score0.00058EPSS

Exploits0References2Affected Software1

EUVD•added 2026/02/03 6:0 p.m.•1 views

EUVD-2025-206685

3.1CVSS5.3AI score0.00058EPSS

Exploits0References1

Cvelist•added 2026/02/03 4:52 p.m.•28 views

CVE-2020-37103 DotNetNuke 9.5 - Persistent Cross-Site Scripting

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

6.4CVSS0.00082EPSS

Exploits1References4

Cvelist•added 2026/02/03 4:52 p.m.•27 views

CVE-2019-25264 Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting

Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users...

6.4CVSS0.00055EPSS

Exploits0References4

Vulnrichment•added 2026/02/03 4:52 p.m.•2 views

CVE-2019-25264 Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting

6.4CVSS5.4AI score0.00055EPSS

Exploits0References4

EUVD•added 2026/02/03 4:52 p.m.•4 views

EUVD-2019-19382

Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. Attackers can insert XSS payloads like script tags into ticket text that automatically execute when survey pages are loaded b...

6.4CVSS5AI score0.00055EPSS

Exploits0References4

Vulnrichment•added 2026/02/03 4:52 p.m.•2 views

CVE-2019-25263 Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting

6.4CVSS5AI score0.00055EPSS

Exploits0References4

ATTACKERKB•added 2026/02/03 4:52 p.m.•3 views

CVE-2019-25263

6.4CVSS5AI score0.00055EPSS

Exploits0References4Affected Software1

OSSF Malicious Packages•added 2026/02/03 5:1 a.m.•6 views

Malicious code in baileys-dtz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 109634c377dbfbc10a7374fb473b28d85fcd47c764895f0c5e685a1f974a0120 The package baileys-dtz was found to contain malicious code. Source: ghsa-malware 14a91b23d2ef0b2dede76b5344cd84626e539f40e791d84f2a793b34d285e196 An...

5.4AI score

Exploits0References1

Packet Storm News•added 2026/02/02 12:0 a.m.•2 views

ImpressCMS 1.3.10 Cross Site Scripting

Multiple cross site scripting vulnerabilities exist in ImpressCMS version 1.3.10, including both reflected and persistent cross site scripting. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

4.6AI score

Exploits0

NVD•added 2026/02/01 1:15 p.m.•3 views

CVE-2022-50952

Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction...

6.4CVSS0.00016EPSS

Exploits0References3

NVD•added 2026/02/01 1:15 p.m.•2 views

CVE-2021-47919

Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks...

6.4CVSS0.00018EPSS

Exploits1References3

NVD•added 2026/02/01 1:15 p.m.•3 views

CVE-2021-47917

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...

6.4CVSS0.00021EPSS

Exploits1References3

OSV•added 2026/02/01 1:15 p.m.•1 views

CVE-2021-47913

PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation...

5.4CVSS5.8AI score

Exploits0References4

OSV•added 2026/02/01 1:15 p.m.•0 views

CVE-2021-47912

PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions...

5.4CVSS5.8AI score0.00057EPSS

Exploits1References4

EUVD•added 2026/02/01 12:56 p.m.•2 views

EUVD-2023-60536

QWE DL 2.0.1 mobile web application contains a persistent input validation vulnerability allowing remote attackers to inject malicious script code through path parameter manipulation. Attackers can exploit the vulnerability to execute persistent cross-site scripting attacks, potentially leading t...

6.4CVSS6AI score0.00019EPSS

Exploits0References3

ATTACKERKB•added 2026/02/01 12:56 p.m.•3 views

CVE-2023-54343

6.4CVSS6AI score0.00019EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/02/01 12:56 p.m.•5 views

CVE-2022-50951 WiFi File Transfer 1.0.8 Persistent XSS via Web Server Input Validation

WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infect...

6.4CVSS5.5AI score0.00019EPSS

Exploits0References3

ATTACKERKB•added 2026/02/01 12:56 p.m.•4 views

CVE-2022-50951

6.4CVSS6AI score0.00019EPSS

Exploits0References3Affected Software1

CVE•added 2026/02/01 12:56 p.m.•7 views

CVE-2022-50952

CVE-2022-50952 affects Banco Guayaquil 8.0.0 Mobile iOS application. A persistent cross-site scripting vulnerability exists in the TextBox Name Profile input. An attacker can inject malicious script via a POST request that executes on application review without user interaction. The NVD entry lis...

6.4CVSS5.9AI score0.00016EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by