CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/03/19 12:0 a.m.•2 views

WordPress和WordPress plugin 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.7AI score0.00015EPSS

CNNVD•added 2026/03/19 12:0 a.m.•4 views

WordPress plugin Kentha 跨站脚本漏洞

CNNVD•added 2026/03/19 12:0 a.m.•3 views

WordPress plugin Gutenberg Blocks 跨站脚本漏洞

Snyk•added 2026/03/18 8:23 p.m.•2 views

Cross-site Scripting (XSS)

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the lookup... route in the web interface, where attacker-controlled input is reflected into the HTML response...

6.1CVSS5.9AI score0.00019EPSS

Exploits1References2

Github Security Blog•added 2026/03/17 7:52 p.m.•5 views

AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS

Summary /objects/phpsessionid.json.php exposes the current PHP session ID to any unauthenticated request. The allowOrigin function reflects any Origin header back in Access-Control-Allow-Origin with Access-Control-Allow-Credentials: true, enabling cross-origin session theft and full account...

8.1CVSS5.9AI score0.0002EPSS

Exploits1References4Affected Software1

Snyk•added 2026/03/16 6:13 p.m.•5 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the ElementIndexesController and FieldsController components. An attacker can execute arbitrary code by...

8.6CVSS6.2AI score0.00048EPSS

Snyk•added 2026/03/16 6:12 p.m.•3 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' in the actionApplyOverrideSettings function. An attacker can execute arbitrary code by injecting malicious...

8.6CVSS6.2AI score0.00048EPSS

OSV•added 2026/03/16 4:32 p.m.•2 views

GHSA-9JFM-9RC6-2HFQ Glances's Default CORS Configuration Allows Cross-Origin Credential Theft

Summary The Glances REST API web server ships with a default CORS configuration that sets alloworigins="" combined with allowcredentials=True. When both of these options are enabled together, Starlette's CORSMiddleware reflects the requesting Origin header value in the Access-Control-Allow-Origin...

8.1CVSS5.8AI score0.00055EPSS

Exploits1References5

CNNVD•added 2026/03/16 12:0 a.m.•2 views

WordPress Plugin Flexmls IDX 跨站脚本漏洞

Snyk•added 2026/03/13 8:2 p.m.•3 views

Unsafe Reflection

Overview Scrapy is a high-level web crawling and web scraping framework, used to crawl websites and extract structured data from their pages. Affected versions of this package are vulnerable to Unsafe Reflection via the Referrer-Policy header handled by RefererMiddleware. An attacker can execute...

7.1CVSS6AI score

Packet Storm•added 2026/03/12 12:0 a.m.•217 views

📄 Microsoft Windows 11 SMB Local Privilege Escalation

Proof of concept for CVE‑2025‑33073, a Microsoft Windows SMB privilege escalation vulnerability that abuses local NTLM reflection behavior within the SMB stack...

8.8CVSS5.8AI score0.44333EPSS

Exploits6

Packet Storm News•added 2026/03/11 12:0 a.m.•2 views

MirrorDrift: Actuated Mirror-Based Attacks on LiDAR SLAM

LiDAR SLAM provides high-accuracy localization but is fragile to point-cloud corruption because scan matching assumes geometric consistency. Prior physical attacks on LiDAR SLAM largely rely on LiDAR spoofing via external signal injection, which requires sensor-specific timing knowledge and is...

5.7AI score

Exploits0

CNNVD•added 2026/03/10 12:0 a.m.•2 views

SiYuan 跨站脚本漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.5.10 contained a cross-site scripting vulnerability. This vulnerability stemmed from the SVG cleaner’s inability to properly check the javascript: prefix in href attributes, allowi...

6.4CVSS7.1AI score0.00502EPSS

Exploits1References1

CNNVD•added 2026/03/06 12:0 a.m.•4 views

groupoffice 跨站脚本漏洞

GroupOffice is an open-source groupware and CRM developed by Intermesh. Versions of GroupOffice prior to 6.8.155, 25.0.88, and 26.0.10 contained a cross-site scripting vulnerability. This vulnerability stemmed from the POST field in the installation script install/license.php, where the field was...

6.1CVSS5.7AI score0.00017EPSS

Exploits1References2

CNNVD•added 2026/03/06 12:0 a.m.•2 views

SiYuan 跨站脚本漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.5.9 contained a cross-site scripting vulnerability. This vulnerability stemmed from the dynamic icon API endpoint not properly escaping the content controlled by attackers, which...

9.3CVSS7.1AI score0.00462EPSS

Exploits1References1

CNNVD•added 2026/03/05 12:0 a.m.•4 views

WordPress plugin Gecko 跨站脚本漏洞

CNNVD•added 2026/03/05 12:0 a.m.•4 views

WordPress plugin MediCenter 安全漏洞