CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

65 matches found

CVE-2026-10510

Cross-Site Scripting XSS in GeniexWebView component in Transsion AI Assistant Lifestyle application com.transsion.aiassistantlifestyle all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted webactiondata URL parameter...

6.1CVSS0.00035EPSS

Exploits0References1

EUVD•added 2 days ago•7 views

EUVD-2026-33874

6.1CVSS6.1AI score0.00035EPSS

Exploits0References1

OSSF Malicious Packages•added 2026/05/14 6:32 p.m.•4 views

Malicious code in @aiscene/aiserver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 542fdb1c23b52adda0ed5164b65c9768aef7a5edd45473f9cd3ceab3065b1bb3 When the installed aiserver tool is started via its bin, npm start, or loading dist/index.js, it registers the host with a hardcoded remote controlle...

6.1AI score

Exploits0References2

EUVD•added 2026/04/21 12:30 p.m.•2 views

EUVD-2026-24073

Reflected Cross-Site Scripting XSS vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker t...

5.1CVSS6AI score0.00296EPSS

Exploits0References2

Vulnrichment•added 2026/04/21 9:3 a.m.•0 views

CVE-2026-3317 Reflected Cross-Site Scripting in Navigate CMS application

5.1CVSS6AI score0.00296EPSS

Exploits0References1

RedhatCVE•added 2026/03/26 3:11 p.m.•4 views

CVE-2026-32844

XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...

6.1CVSS6AI score0.00044EPSS

Exploits0References1

NVD•added 2026/03/23 8:16 p.m.•2 views

CVE-2026-32851

MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...

6.1CVSS0.00026EPSS

Exploits1References5

EUVD•added 2026/03/20 6:31 p.m.•1 views

EUVD-2026-13752

6.1CVSS6AI score0.00044EPSS

Exploits0References3

RedhatCVE•added 2026/02/21 7:29 p.m.•1 views

CVE-2026-27502

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in log.php via the search query parameter. The application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing an unauthenticated remote attacker to inject and execute...

6.1CVSS5.6AI score0.00056EPSS

Exploits0References1

RedhatCVE•added 2025/11/27 6:2 p.m.•3 views

CVE-2025-64130

Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser...

9.8CVSS6.6AI score0.00125EPSS

Exploits0References1

Vulnrichment•added 2025/11/26 5:55 p.m.•3 views

CVE-2025-64130 Zenitel TCIV-3+ Cross-site Scripting

Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser...

9.8CVSS6.3AI score0.00125EPSS

Exploits0References3

EUVD•added 2025/11/06 6:32 p.m.•4 views

EUVD-2025-38063

An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser via a crafted request e.g., a maliciously crafted POST login. Successful exploitation may lead to theft of...

7.1CVSS6.1AI score0.00055EPSS

Exploits1References3

CVE•added 2025/10/31 1:53 p.m.•5 views

CVE-2025-12460

Summary: CVE-2025-12460 describes a Stored XSS vulnerability in Afterlogic Aurora webmail. Affected versions: 9.8.3 and earlier. ** vulnerability mechanism:** an attacker can embed JavaScript in an HTML email via an img tag, which may execute in the recipient’s webmail browser context. Impact (pe...

5.3CVSS6AI score0.0029EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2006-6959

Malware in sbrugna...

4.3CVSS6.4AI score0.00452EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2014-1947

Malware in sbrugna...

6.4CVSS6.4AI score0.00703EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•0 views

EUVD-2009-1833

Malware in sbrugna...

9.3CVSS8.9AI score0.04629EPSS

Exploits0References45

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2020-17384

Malware in sbrugna...

5.4CVSS5.5AI score0.00203EPSS

Exploits0References3

CVE•added 2025/10/06 12:0 a.m.•5 views

CVE-2025-61198

CVE-2025-61198 is a stored XSS in Orban Optimod devices (5950/5950HD/5750/5750HD/Trio) affecting Optimod 1.0.0.33 and System 2.5.26. The vulnerability arises from injecting a malicious payload into logs that are rendered in the UI, allowing an attacker to execute arbitrary JavaScript in a user’s ...

5.4CVSS5.7AI score0.00031EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2024-55005

Malicious code in bioql PyPI...

5.4CVSS8.8AI score0.00155EPSS

Exploits1References4

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-42650

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00167EPSS

Exploits0References3