CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7580 matches found

Positive Technologies•added 2026/02/01 12:0 a.m.•4 views

PT-2026-5562

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...

6.4CVSS5.9AI score0.00021EPSS

Exploits1References4

Positive Technologies•added 2026/02/01 12:0 a.m.•3 views

PT-2026-5564

Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks...

6.4CVSS6.1AI score0.00018EPSS

Exploits1References4

Positive Technologies•added 2026/02/01 12:0 a.m.•3 views

PT-2026-5574

QWE DL 2.0.1 mobile web application contains a persistent input validation vulnerability allowing remote attackers to inject malicious script code through path parameter manipulation. Attackers can exploit the vulnerability to execute persistent cross-site scripting attacks, potentially leading t...

6.4CVSS6AI score0.00019EPSS

Exploits0References4

Positive Technologies•added 2026/02/01 12:0 a.m.•3 views

PT-2026-5558

PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation...

6.4CVSS5.9AI score0.00057EPSS

Exploits1References5

CNNVD•added 2026/02/01 12:0 a.m.•3 views

PHPSUGAR PHP Melody 跨站脚本漏洞

PHPSUGAR PHP Melody is a content management system developed by PHPSUGAR. The PHPSUGAR PHP Melody 3.0 version has a cross-site scripting vulnerability. This vulnerability stems from the submitted parameter in the edit-video.php file, which has a persistent cross-site scripting vulnerability. This...

6.4CVSS5.7AI score0.00031EPSS

Exploits1References4

Positive Technologies•added 2026/02/01 12:0 a.m.•4 views

PT-2026-5552

Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vulnerability in the search module's keyword parameter. Remote attackers can inject malicious script code through the search input to compromise user sessions and manipulate application content...

6.4CVSS5.9AI score0.00021EPSS

Exploits0References4

NVD•added 2026/01/30 5:16 p.m.•1 views

CVE-2020-37003

Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple address input fields like full name, company, and address to execute persistent script code that...

6.4CVSS0.00059EPSS

Exploits0References5

UbuntuCve•added 2026/01/30 5:16 p.m.•2 views

CVE-2020-37014

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...

6.4CVSS6AI score0.00081EPSS

Exploits0References7

ATTACKERKB•added 2026/01/30 4:16 p.m.•4 views

CVE-2020-37022

OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module's name and description parameters. Attackers can inject malicious scripts through POST requests to , enabling session hijacking and manipulation of application modules...

6.4CVSS5.8AI score0.00059EPSS

Exploits0References5

Vulnrichment•added 2026/01/30 4:16 p.m.•3 views

CVE-2020-37014 Tryton 5.4 - Persistent Cross-Site Scripting

6.4CVSS5.9AI score0.00081EPSS

Exploits0References5

ATTACKERKB•added 2026/01/30 4:16 p.m.•6 views

CVE-2020-37003

6.4CVSS6AI score0.00059EPSS

Exploits0References5

EUVD•added 2026/01/30 4:16 p.m.•2 views

EUVD-2020-30961

6.4CVSS6AI score0.00059EPSS

Exploits0References5

Cvelist•added 2026/01/30 4:16 p.m.•26 views

CVE-2020-37003 Sellacious eCommerce 4.6 - Persistent Cross-Site Scripting

6.4CVSS0.00059EPSS

Exploits0References5

CVE•added 2026/01/30 4:16 p.m.•8 views

CVE-2020-36966

CVE-2020-36966 affects Dolibarr 11.0.3: a persistent XSS in LDAP synchronization (/dolibarr/admin/ldap.php) allows injection via host, slave, and port parameters, enabling arbitrary JavaScript execution and potential cookie theft. Public sources describe the vulnerability; no patch details are pr...

6.4CVSS6AI score0.00051EPSS

Exploits0References3

Cvelist•added 2026/01/30 4:16 p.m.•28 views

CVE-2020-36998 forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting

Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. Attackers can inject malicious scripts in course code, name, description fields, and email parameter to execute arbitrary JavaScript without proper input...

6.4CVSS0.00055EPSS

Exploits0References4

Packet Storm News•added 2026/01/30 12:0 a.m.•4 views

Semantic-Aware Advanced Persistent Threat Detection Using Autoencoders on LLM-Encoded System Logs

Advanced Persistent Threats APTs are among the most challenging cyberattacks to detect. They are carried out by highly skilled attackers who carefully study their targets and operate in a stealthy, long-term manner. Because APTs exhibit "low-and-slow" behavior, traditional statistical methods and...

5.4AI score

Exploits0

Positive Technologies•added 2026/01/30 12:0 a.m.•5 views

PT-2026-5413

6.4CVSS6AI score0.00055EPSS

Exploits0References5

ATTACKERKB•added 2026/01/29 2:28 p.m.•2 views

CVE-2020-37018

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing...

6.4CVSS5.9AI score0.00052EPSS

Exploits0References3Affected Software1

CVE•added 2026/01/29 2:28 p.m.•6 views

CVE-2020-37018

CVE-2020-37018 ffects GOautodial 4.0: a persistent cross-site scripting (XSS) vulnerability allows authenticated agents to inject malicious scripts via message subjects. Crafted messages with embedded JavaScript can execute when an administrator reads the message, potentially leaking session cook...

6.4CVSS5.9AI score0.00052EPSS

Exploits0References3

CNNVD•added 2026/01/29 12:0 a.m.•3 views

GOautodial cross-site scripting vulnerability

GOautodial is an open-source next-generation omnichannel contact center suite developed by GOautodial. Version 4.0 of GOautodial contains a cross-site scripting vulnerability. This vulnerability arises because authenticated proxies can inject malicious scripts through message subjects, potentiall...

6.4CVSS5.6AI score0.00052EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by