CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

32394 matches found

CVE-2025-31013

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through 1.9.6...

7.1CVSS0.00146EPSS

Exploits0References1

CVE•added 4 days ago•23 views

CVE-2025-31013

Technical details for CVE-2025-31013 are not provided in the supplied documents; no affected products, vectors, or remediation details are disclosed here. Monitor for official updates.

7.1CVSS8.3AI score0.00146EPSS

Exploits0References1

CVE•added 4 days ago•18 views

CVE-2026-54192

This entry covers CVE-2026-54192: unauthenticated Reflected XSS in the WordPress Popup box plugin (<= 6.2.9). The descriptor indicates an XSS vulnerability when loading or handling inputs in affected plugin paths, with a CVSS v3.1 base score of 7.1 (HIGH) and user interaction required. The pro...

7.1CVSS5.1AI score0.00192EPSS

Exploits0References1

CVE•added 4 days ago•5 views

CVE-2026-39597

This CVE covers an unauthenticated, reflected Cross Site Scripting (XSS) in the WordPress WPZOOM Addons for Elementor plugin (versions

7.1CVSS5.1AI score0.00175EPSS

Exploits0References1

CVE•added 4 days ago•7 views

CVE-2026-22328

CVE-2026-22328 corresponds to a reflected XSS in WordPress Theme Auto Repair <= 22.6, described as unauthenticated in the Initial description and reflected XSS in the product detail. CVSS shows Network attack vector, no privileges required, low impact to confidentiality/integrity/availability,...

7.1CVSS5.1AI score0.00244EPSS

Exploits0References1

CVE•added 4 days ago•10 views

CVE-2026-8089

CVE-2026-8089 affects the weMail plugin for WooCommerce (WordPress) prior to version 2.1.3. The issue is a reflected Cross-Site Scripting (XSS) vulnerability caused by not escaping a user-supplied parameter before reflecting it into an HTML attribute in a non-nonce-protected AJAX response. This a...

7.1CVSS5.2AI score0.00215EPSS

Exploits0References1

CVE•added 4 days ago•8 views

CVE-2026-9570

Summary: CVE-2026-9570 affects the Taskbuilder WordPress plugin prior to 5.0.8. The vulnerability arises because a URL parameter is not properly sanitized before being echoed into inline JavaScript on a frontend page that uses a shortcode, causing a Reflected Cross-Site Scripting (XSS) vulnerabil...

7.1CVSS5.2AI score0.00192EPSS

Exploits0References1

Cvelist•added 4 days ago•33 views

CVE-2026-9570 Taskbuilder < 5.0.8 - Reflected XSS via Shortcode

The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user...

0.00192EPSS

Exploits0References1

Nuclei•added 4 days ago•33 views

Resourcespace - Cross-Site Scripting

ResourceSpace before 9.6 rev 18290 is affected by a reflected cross-site scripting vulnerability in plugins/wordpresssso/pages/index.php via the wordpressuser parameter. id: CVE-2021-41951 info: name: Resourcespace - Cross-Site Scripting author: coldfish severity: medium description: ResourceSpac...

6.1CVSS5.8AI score0.77892EPSS

Exploits1References5

Tenable Nessus•added 4 days ago•5 views

Bosch Security Systems IP Cameras Reflected Cross-site Scripting (CVE-2021-23854)

An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting XSS in the web-based interface. This issue only affects versions 7.7x and 7.6x. All other versions are not affected. This plugin only works with Tenable.ot. Please visit...

8.3CVSS5.6AI score0.00554EPSS

Exploits0References2

Positive Technologies•added 4 days ago•9 views

PT-2026-50557

Name of the Vulnerable Software and Affected Versions marimo versions prior to 0.23.9 Description A reflected cross-site scripting issue exists in the notebook page. Unauthenticated attackers can inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query...

6.1CVSS5.1AI score0.00239EPSS

Exploits0References7

Nuclei•added 5 days ago•20 views

Zoho manageengine - Cross-Site Scripting

Zoho manageengine is vulnerable to reflected cross-site scripting. This impacts Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 via the...

6.1CVSS5.6AI score0.98463EPSS

Exploits3References4

Nuclei•added 5 days ago•23 views

rConfig 3.9.4 - Cross-Site Scripting

rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php id: CVE-2020-12259 info: name: rConfig 3.9.4 - Cross-Site Scripting...

5.4CVSS6.7AI score0.94767EPSS

Exploits0References5

Cvelist•added 6 days ago•25 views

CVE-2026-48157 Slim has Reflected XSS in the HtmlErrorRenderer

Slim is a PHP micro framework that enables users to write simple web applications and APIs. In versions 4.4.0 through 4.15, if an application uses HttpException::setTitle and/or setDescription to include untrusted/request-derived data in the error title or description e.g. "No products found...

6.1CVSS0.00263EPSS

Exploits0References2

CVE•added 6 days ago•11 views

CVE-2026-48157

Slim PHP framework (versions 4.4.0–4.15) is affected by an HTML/JavaScript injection in error pages when HttpException::setTitle() and/or setDescription() are fed with untrusted data. The issue can occur in HTML error pages generated by Slim and is present even with displayErrorDetails = false; v...

6.1CVSS5.5AI score0.00263EPSS

Exploits0References2

Cvelist•added 6 days ago•23 views

CVE-2026-39514 WordPress Paid Member Subscriptions plugin <= 2.17.3 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Paid Member Subscriptions = 2.17.3 versions...

7.1CVSS0.00175EPSS

Exploits0References1

CVE•added 6 days ago•5 views

CVE-2025-68872

CVE-2025-68872 is a reflected XSS vulnerability in the WordPress plugin “Eli's WordCents adSense Widget with Analytics” (versions

7.1CVSS5.1AI score0.00175EPSS

Exploits0References1

NVD•added 6 days ago•8 views

CVE-2026-49294

Valhalla is an open source routing engine and accompanying libraries for use with OpenStreetMap data. Versions 3.6.3 and prior are vulnerable to reflected cross-site scripting XSS due to improper neutralization of input in the JSONP callback parameter. When a request specifies a JSONP callback, t...

6.1CVSS0.00149EPSS

Exploits0References1

GithubExploit•added 2026/06/13 7:11 a.m.•56 views

web-vuln-scanner

Web Vulnerability Scanner Basic web application vulnerability...

5.9AI score

Exploits0

EUVD•added 2026/06/12 8:36 p.m.•5 views

EUVD-2026-36564

MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The urlparams value is inserted into an inline JavaScript handler using HTML escaping inside a single-quoted JavaScript string. Because browsers HTML-decode attribute values before JavaScript parsing, a...

5.3CVSS5.2AI score0.00256EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by