CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/06/11 1:27 a.m.•10 views

EUVD-2026-36198

The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oumlocationnotification' parameter in versions up to, and including, 1.4.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

4.7CVSS5.7AI score0.00188EPSS

EUVD•added 2026/06/11 12:32 a.m.•7 views

EUVD-2026-36138

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads...

6.1CVSS5.5AI score0.00158EPSS

Positive Technologies•added 2026/06/11 12:0 a.m.•7 views

PT-2026-48727

Name of the Vulnerable Software and Affected Versions SolidInvoice versions prior to 2.3.17 Description The company logo upload feature lacks validation for uploaded file types. An authenticated administrator can upload an SVG file containing base64-encoded JavaScript. This script is injected...

8.1CVSS4.9AI score0.0031EPSS

Exploits0References6

NVD•added 2026/06/10 10:17 p.m.•4 views

CVE-2026-53737

6.1CVSS0.00158EPSS

RedhatCVE•added 2026/06/10 9:3 p.m.•9 views

CVE-2026-47943

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00307EPSS

OSSF Malicious Packages•added 2026/06/10 6:34 p.m.•9 views

Malicious code in v018-axios-cdntest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67d30d2c9939173663f8ba1312b2591d2f86c67657bd5eeff59b19187f50b901 Package impersonates axios v0.18.0 index.js carries the genuine axios v0.18.0 | c 2018 by Matt Zabriskie header and sets window.axios=,...

5.4AI score

Exploits0References4

RedhatCVE•added 2026/06/10 8:59 a.m.•7 views

CVE-2026-8909

The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.3. This is due to missing or incorrect nonce validation on the handleSaveGeneralSettings function. This makes it possible for unauthenticated attackers to modify the plugin's...

4.3CVSS5.5AI score0.00128EPSS

NVD•added 2026/06/10 8:16 a.m.•10 views

CVE-2026-9019

The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gridpropertiesborderColor' and 'gridimagesNattachmenturl' Parameters in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00201EPSS

Exploits0References6

NVD•added 2026/06/10 7:16 a.m.•9 views

CVE-2026-8071

The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user...

8.8CVSS0.00276EPSS

Vulnrichment•added 2026/06/10 4:31 a.m.•5 views

CVE-2025-8444 Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates <= 2.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Parameters

The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the multiple parameters in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. Th...

6.4CVSS5.7AI score0.00156EPSS

Snyk•added 2026/06/10 1:13 a.m.•3 views

Cross-site Scripting (XSS)

Overview org.springframework.security:spring-security-saml2-service-provider is a security component for the Spring Framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the RelyingPartyRegistration function. An attacker can execute arbitrary scripts in the...

7.6CVSS5.3AI score0.00181EPSS

Positive Technologies•added 2026/06/10 12:0 a.m.•6 views

PT-2026-48387

5.7AI score0.00276EPSS

Positive Technologies•added 2026/06/10 12:0 a.m.•8 views

PT-2026-48551

6.1CVSS5.5AI score0.00158EPSS

EUVD•added 2026/06/09 7:15 p.m.•6 views

EUVD-2026-35796

Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP users to inject malicious payloads into faculty and course fields by exploiting missing HTML encoding...

5.4CVSS5.3AI score0.00196EPSS

CVE•added 2026/06/09 7:15 p.m.•9 views

CVE-2026-47106

CVE-2026-47106 affects Ellucian Banner Self-Service prior to the April T2 release. The issue is a stored cross-site scripting (XSS) vulnerability in the course search functionality caused by missing HTML encoding during DOM insertion. Malicious JavaScript can be stored in fields such as faculty d...

5.4CVSS5.6AI score0.00196EPSS

EUVD•added 2026/06/09 6:30 p.m.•5 views

EUVD-2026-35607

5.4CVSS5.4AI score0.00224EPSS

NVD•added 2026/06/09 6:16 p.m.•13 views

CVE-2026-34694

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.9CVSS0.00175EPSS

NVD•added 2026/06/09 5:17 p.m.•5 views

CVE-2026-48301

5.4CVSS0.00224EPSS