CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21401 matches found

Github Security Blog•added 2026/05/18 4:23 p.m.•9 views

CI4MS: Stored XSS in Pages Module Content via Broken html_purify Validation Rule

Summary The Pages backend module registers the htmlpurify validation rule on language-keyed page content but persists the raw, un-purified POST value into the database. The public renderer for pages Home::index → app/Views/templates/default/pages.php emits $pageInfo-content without esc, yielding...

6.1AI score

Exploits0References3Affected Software1

OSV•added 2026/05/18 3:39 p.m.•5 views

GHSA-2M69-JMVH-6CHR CI4MS: Stored XSS in Blog Content via Broken `html_purify` Validation Rule

Summary The custom htmlpurify validation rule used to sanitize blog post bodies relies on by-reference mutation ?string &$str, but CodeIgniter 4's validator passes a local copy of the value, so the sanitized text is silently discarded. The Blog controller writes $lanData'content' directly into...

5.4CVSS5.7AI score

Exploits0References3

Github Security Blog•added 2026/05/18 3:39 p.m.•12 views

CI4MS: Stored XSS in Blog Content via Broken `html_purify` Validation Rule

5.7AI score

Exploits0References3Affected Software1

OSV•added 2026/05/18 3:32 p.m.•2 views

MINI-8RJ7-GF72-RM8G

Bulletin has no description...

8.8CVSS5.7AI score0.00058EPSS

Exploits0

OSV•added 2026/05/18 3:17 p.m.•2 views

MINI-VVRF-R46R-H85F

Bulletin has no description...

8.7CVSS5.7AI score0.00021EPSS

Exploits0

OSV•added 2026/05/18 3:0 p.m.•1 views

MINI-W2X7-GJ6F-CH58

Bulletin has no description...

8.9CVSS5.7AI score0.00019EPSS

Exploits0

OSV•added 2026/05/18 2:32 p.m.•1 views

MINI-PX37-5F4C-6JQG

Bulletin has no description...

5.3CVSS5.7AI score0.00031EPSS

Exploits1

OSV•added 2026/05/18 2:32 p.m.•1 views

MINI-MH66-WGCV-PF9F

Bulletin has no description...

7.5CVSS5.7AI score0.00006EPSS

Exploits0

Circl•added 2026/05/18 2:10 p.m.•3 views

GHSA-97R8-RF7Q-WMJW

creationtimestamp| type| source ---|---|--- 2026-05-18 14:10:50+00:00| seen| https://gist.github.com/alon710/98fbc08fd28e864acb5a0c94e605d960...

5.8AI score

Exploits0References1

OSV•added 2026/05/18 2:1 p.m.•2 views

MINI-26PF-V923-23MV

Bulletin has no description...

7.5CVSS5.7AI score0.00006EPSS

Exploits0

OSV•added 2026/05/18 1:46 p.m.•1 views

MINI-FG3H-P2QW-WWFJ

Bulletin has no description...

7.5CVSS5.7AI score0.00011EPSS

Exploits0

OSV•added 2026/05/18 1:16 p.m.•3 views

MINI-35X3-HXCP-QXRX

Bulletin has no description...

7.5CVSS6.3AI score0.00035EPSS

Exploits0

OSV•added 2026/05/18 1:0 p.m.•1 views

MINI-RM54-59V5-VPQR

Bulletin has no description...

7.5CVSS5.7AI score0.00077EPSS

Exploits1

OSV•added 2026/05/18 12:57 p.m.•5 views

CLEANSTART-2026-CR00119 Security fixes for CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-34986, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-6v2p-p943-phr9, ghsa-78h2-9frx-2jm8, ghsa-c6gw-w398-hv78, ghsa-f6x5-jh6r-wrfv, ghsa-hcg3-p754-cr77, ghsa-j5w8-q4qc-rx2x, ghsa-qxp5-gw88-xv66, ghsa-v778-237x-gjrc, ghsa-vvgc-356p-c3xw applied in versions: 1.15.0-r1, 1.19.0-r0, 1.19.1-r0, 1.19.1-r1

Multiple security vulnerabilities affect the rabbitmq-messaging-topology-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.8AI score0.00058EPSS

Exploits1References36

OSV•added 2026/05/18 12:45 p.m.•1 views

MINI-PP3M-M38G-C4GP

Bulletin has no description...

7.5CVSS5.7AI score0.00077EPSS

Exploits1

RedHat Linux•added 2026/05/18 12:24 p.m.•9 views

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

9.8CVSS8AI score0.00151EPSS

Exploits1References8

RedHat Linux•added 2026/05/18 12:21 p.m.•7 views

c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects

A flaw was found in c3p0, a Java Database Connectivity JDBC Connection pooling library. This vulnerability allows an attacker to achieve arbitrary code execution by providing maliciously crafted Java-serialized objects or javax.naming.Reference instances. By manipulating the userOverridesAsString...

8.9CVSS7.8AI score0.00313EPSS

Exploits0References9

RedHat Linux•added 2026/05/18 12:12 p.m.•8 views

c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects

8.9CVSS7.8AI score0.00313EPSS

Exploits0References9

OSV•added 2026/05/18 8:16 a.m.•3 views

SUSE-SU-2026:1970-1 Security update for php-composer2

This update for php-composer2 fixes the following issues - CVE-2026-40176: command injection via malicious Perforce repository definition bsc1262254. - CVE-2026-40261: command injection via malicious Perforce source reference/url bsc1262255. Changes for php-composer2: - version update to 2.2.27...

8.8CVSS6.6AI score0.23787EPSS

Exploits3References11