CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added yesterday•7 views

EUVD-2026-33874

6.1CVSS6.1AI score0.00121EPSS

EUVD•added 2026/05/27 3:33 p.m.•6 views

EUVD-2025-209974

IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting XSS. This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended...

5.4CVSS5.8AI score0.00033EPSS

CVE•added 2026/05/27 12:17 p.m.•5 views

CVE-2025-3633

CVE-2025-3633 affects IBM Cognos Analytics (versions 11.2.0, 11.2.4, 12.0, 12.1.0) and IBM Cognos Transformer (11.2.4, 12.0, 12.1.0). The vulnerability is a cross-site scripting (XSS) issue in the web UI that could allow a remote attacker to inject arbitrary JavaScript, potentially leading to dis...

8.2CVSS5.8AI score0.00033EPSS

Exploits0References1Affected Software2

Cvelist•added 2026/05/27 12:17 p.m.•30 views

CVE-2025-3633 IBM Cognos Analytics is affected by multiple security vulnerabilities

5.4CVSS0.00033EPSS

OSSF Malicious Packages•added 2026/05/26 1:28 p.m.•6 views

Malicious code in metricflow-tracker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9a1c269ce5e462d7e555ce1ca34b7f2e54e3d34ea094d35a67aa7c61d1fe34e The package's exported Metricflow React component defaults serverUrl to http://51.38.65.105:21531 and, when rendered, appends a tag to document.head ...

OSV•added 2026/05/22 8:30 p.m.•6 views

MAL-2026-4259 Malicious code in cryptowallet-safety (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 276a350e78e2602882e107586e33d617b3e392e3943c120d99d4213963d7fd9d On import cryptowalletsafety, the top-level init.py lines 13-21 shells out to curl -sL...

OSV•added 2026/05/20 8:0 a.m.•4 views

Exploits0References6

MAL-2026-4200 Malicious code in art-template (npm)

Versions 4.13.3, 4.13.5, and 4.13.6 of art-template were published after an npm account takeover and ship a tampered browser bundle lib/template-web.js that loads remote attacker-controlled JavaScript. The final payload is the Coruna iOS exploit kit, which targets Safari on iPhone and iPad and...

OSSF Malicious Packages•added 2026/05/20 8:0 a.m.•4 views

Exploits0References3

Malicious code in art-template (npm)

CVE•added 2026/05/20 12:0 a.m.•7 views

Exploits0References3

CVE-2026-30691

CVE-2026-30691 affects @cyntler/react-doc-viewer v1.17.1. TXTRenderer improperly sanitizes .txt content and casts raw data as a ReactNode, enabling Cross-Site Scripting (XSS) via crafted files. Impact: remote attacker can execute arbitrary JavaScript. No remediation details provided in the docume...

6.1CVSS6.1AI score0.00014EPSS

OSV•added 2026/05/14 7:24 p.m.•1 views

MAL-2026-3750 Malicious code in bigint.fs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb3e0cb5c95475ce69c3672be6acfb9283bc6e29a1d7ba7452c922e7dc96a966 On require/import, index.js runs an IIFE that POSTs a getAccountInfo RPC call to https://api.devnet.solana.com for Solana account...

6.3AI score

OSSF Malicious Packages•added 2026/05/14 6:32 p.m.•4 views

Malicious code in @aiscene/aiserver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 542fdb1c23b52adda0ed5164b65c9768aef7a5edd45473f9cd3ceab3065b1bb3 When the installed aiserver tool is started via its bin, npm start, or loading dist/index.js, it registers the host with a hardcoded remote controlle...

6.1AI score

CNNVD•added 2026/04/28 12:0 a.m.•2 views

School Management System 安全漏洞

School Management System is a school management system developed by ManiKandan G, based on PHP and MySQL. There is a security vulnerability in School Management System, which stems from the uncleaned type parameter in the register.php file. This vulnerability could allow unauthorized remote...

6.1CVSS6.1AI score0.00016EPSS

Exploits1References2

NVD•added 2026/04/22 12:16 a.m.•0 views

CVE-2026-41130

Craft CMS is a content management system CMS. In versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14, the resource-js endpoint in Craft CMS allows unauthenticated requests to proxy remote JavaScript resources. When trustedHosts is not explicitly restricted default...

7CVSS0.00051EPSS

CNNVD•added 2026/04/22 12:0 a.m.•4 views

Craft CMS 代码问题漏洞

Craft CMS is an open-source content management system developed by Craft CMS. There are code vulnerabilities in Craft CMS. These vulnerabilities stem from the resource-js endpoint, which allows unauthenticated requests to proxy remote JavaScript resources. When trustedHosts is not explicitly...

7CVSS5.9AI score0.00051EPSS

ATTACKERKB•added 2026/04/21 11:36 p.m.•2 views

CVE-2026-41130

7CVSS5.9AI score0.00051EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/04/21 11:36 p.m.•27 views

CVE-2026-41130 Craft CMS has a host header injection leading to SSRF via resource-js endpoint

7CVSS0.00051EPSS

EUVD•added 2026/04/21 12:30 p.m.•2 views

EUVD-2026-24073

Reflected Cross-Site Scripting XSS vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker t...

5.1CVSS6AI score0.00296EPSS