CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

99 matches found

RedhatCVE•added 2026/06/05 7:37 p.m.•8 views

CVE-2026-3317

Reflected Cross-Site Scripting XSS vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker t...

5.1CVSS5.8AI score0.00343EPSS

Exploits0References1

NVD•added 2026/06/02 3:16 a.m.•11 views

CVE-2026-10510

Cross-Site Scripting XSS in GeniexWebView component in Transsion AI Assistant Lifestyle application com.transsion.aiassistantlifestyle all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted webactiondata URL parameter...

6.1CVSS0.00155EPSS

Exploits0References1

EUVD•added 2026/06/02 1:56 a.m.•11 views

EUVD-2026-33874

6.1CVSS6.1AI score0.00155EPSS

Exploits0References1

OSSF Malicious Packages•added 2026/05/14 6:32 p.m.•10 views

Malicious code in @aiscene/aiserver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5afe7de709fb18909451ff49a02f133f248fb0dc0688709251c924038effc6dc On load, dist/index.js unconditionally instantiates new AIServer and calls server.start at module top level no require.main === module guard, so simp...

6.4AI score

Exploits0References6

EUVD•added 2026/04/21 12:30 p.m.•6 views

EUVD-2026-24073

5.1CVSS6AI score0.00343EPSS

Exploits0References2

Vulnrichment•added 2026/04/21 9:3 a.m.•1 views

CVE-2026-3317 Reflected Cross-Site Scripting in Navigate CMS application

5.1CVSS6AI score0.00343EPSS

Exploits0References1

RedhatCVE•added 2026/03/26 3:11 p.m.•4 views

CVE-2026-32844

XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...

6.1CVSS6AI score0.00257EPSS

Exploits0References1

NVD•added 2026/03/23 8:16 p.m.•4 views

CVE-2026-32851

MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...

6.1CVSS0.00307EPSS

Exploits1References5

EUVD•added 2026/03/20 6:31 p.m.•3 views

EUVD-2026-13752

6.1CVSS6AI score0.00257EPSS

Exploits0References3

RedhatCVE•added 2026/02/21 7:29 p.m.•4 views

CVE-2026-27502

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in log.php via the search query parameter. The application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing an unauthenticated remote attacker to inject and execute...

6.1CVSS5.6AI score0.00201EPSS

Exploits0References1

RedhatCVE•added 2025/11/27 6:2 p.m.•4 views

CVE-2025-64130

Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser...

9.8CVSS6.6AI score0.0085EPSS

Exploits0References1

Vulnrichment•added 2025/11/26 5:55 p.m.•3 views

CVE-2025-64130 Zenitel TCIV-3+ Cross-site Scripting

Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser...

9.8CVSS6.3AI score0.0085EPSS

Exploits0References3

EUVD•added 2025/11/06 6:32 p.m.•7 views

EUVD-2025-38063

An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser via a crafted request e.g., a maliciously crafted POST login. Successful exploitation may lead to theft of...

7.1CVSS6.1AI score0.00286EPSS

Exploits1References3

CVE•added 2025/10/31 1:53 p.m.•11 views

CVE-2025-12460

Summary: CVE-2025-12460 describes a Stored XSS vulnerability in Afterlogic Aurora webmail. Affected versions: 9.8.3 and earlier. ** vulnerability mechanism:** an attacker can embed JavaScript in an HTML email via an img tag, which may execute in the recipient’s webmail browser context. Impact (pe...

5.3CVSS6AI score0.0037EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2009-1833

Malware in sbrugna...

9.3CVSS8.9AI score0.04795EPSS

Exploits0References45

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2014-1947

Malware in sbrugna...

6.4CVSS6.4AI score0.01552EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2020-17384

Malware in sbrugna...

5.4CVSS5.5AI score0.0062EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•6 views

EUVD-2006-6959

Malware in sbrugna...

4.3CVSS6.4AI score0.01062EPSS

Exploits1References4

CVE•added 2025/10/06 12:0 a.m.•7 views

CVE-2025-61198

CVE-2025-61198 is a stored XSS in Orban Optimod devices (5950/5950HD/5750/5750HD/Trio) affecting Optimod 1.0.0.33 and System 2.5.26. The vulnerability arises from injecting a malicious payload into logs that are rendered in the UI, allowing an attacker to execute arbitrary JavaScript in a user’s ...

5.4CVSS5.7AI score0.00233EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2023-42650

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00631EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by