CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20041 matches found

CVE•added 2026/02/18 1:13 p.m.•14 views

CVE-2026-1440

The CVE-2026-1440 entry concerns the Graylog Web Interface console (version 2.2.3) with a Reflected XSS flaw caused by insufficient sanitization/escaping of HTML output. Several endpoints include URL segments directly in responses without proper encoding, enabling an attacker to inject and execut...

6.1CVSS6.1AI score0.00189EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/02/18 1:13 p.m.•18 views

CVE-2026-1438 Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface

Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...

5.3CVSS0.00178EPSS

Exploits0References1

ATTACKERKB•added 2026/02/18 9:25 a.m.•7 views

CVE-2025-11185

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cmplz-accept-link shortcode in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.7AI score0.00245EPSS

Exploits0References4

NVD•added 2026/02/18 7:16 a.m.•6 views

CVE-2026-1666

The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'redirectto' parameter in all versions up to, and including, 3.3.46. This is due to insufficient input sanitization and output escaping on the 'redirectto' GET parameter in the login form shortcode...

6.1CVSS0.00264EPSS

Exploits0References5

NVD•added 2026/02/18 7:16 a.m.•6 views

CVE-2026-1807

The InteractiveCalculator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'interactivecalculator' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

6.4CVSS0.00235EPSS

Exploits0References4

CVE•added 2026/02/18 6:42 a.m.•13 views

CVE-2026-1666

CVE-2026-1666 affects the WordPress Download Manager plugin. It is a Reflected Cross-Site Scripting vulnerability in the login form shortcode via the vulnerable redirect_to GET parameter, due to insufficient input sanitization and output escaping. Affected: all versions up to and including 3.3.46...

6.1CVSS5.8AI score0.00264EPSS

Exploits0References5

NVD•added 2026/02/18 6:16 a.m.•6 views

CVE-2025-12122

The Popup Box – Easily Create WordPress Popups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

6.4CVSS0.0019EPSS

Exploits0References2

ATTACKERKB•added 2026/02/18 5:29 a.m.•2 views

CVE-2025-12122

6.4CVSS5.7AI score0.0019EPSS

Exploits0References3

Vulnrichment•added 2026/02/18 5:29 a.m.•3 views

CVE-2025-12122 Popup Box – Easily Create WordPress Popups <= 3.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS5.7AI score0.0019EPSS

Exploits0References2

ATTACKERKB•added 2026/02/18 5:29 a.m.•3 views

CVE-2025-11737

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'vkExUnitsnstitle' parameter in all versions up to, and including, 9.112.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

6.4CVSS5.7AI score0.0019EPSS

Exploits0References3

Positive Technologies•added 2026/02/18 12:0 a.m.•5 views

PT-2026-20217

Name of the Vulnerable Software and Affected Versions WP 404 Auto Redirect to Similar Post plugin for WordPress versions prior to 1.0.6 Description The WP 404 Auto Redirect to Similar Post plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient inpu...

4.4CVSS5.7AI score0.00192EPSS

Exploits0References4

Positive Technologies•added 2026/02/18 12:0 a.m.•3 views

PT-2026-20295

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop...

4.4CVSS5.7AI score0.00264EPSS

Exploits0References6

CVE•added 2026/02/17 9:26 a.m.•11 views

CVE-2026-1216

The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the template parameter in all versions up to and including 5.0.10, due to insufficient input sanitization and output escaping on user-supplied attributes. Unauthenticated attackers can trick a user into cl...

7.2CVSS5.7AI score0.00236EPSS

Exploits0References4

Positive Technologies•added 2026/02/17 12:0 a.m.•4 views

PT-2026-8396

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form name parameter in all versions up to, and including, 1.50.2 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4CVSS5.7AI score0.00154EPSS

Exploits0References3

OSV•added 2026/02/16 6:19 p.m.•3 views

CVE-2019-25382

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the NTPSERVER parameter. Attackers can send POST requests to the time.cgi endpoint with script payloads in the...

5.1CVSS5.9AI score

Exploits0References3

Cvelist•added 2026/02/16 5:5 p.m.•26 views

CVE-2019-25394 Smoothwall Express 3.1 'modem.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP, SPEAKERON,...

7.2CVSS0.00223EPSS

Exploits1References3

CVE•added 2026/02/16 5:5 p.m.•39 views

CVE-2019-25390

CVE-2019-25390 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9. The vulnerability is a set of multiple reflected cross-site scripting flaws in the interfaces.cgi script, exploitable via posted parameters such as GREEN_ADDRESS, GREEN_NETMASK, RED_DHCP_HOSTNAME, RED_ADDRESS, DNS1_OVERRIDE, ...

6.1CVSS5.6AI score0.00199EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/02/16 5:5 p.m.•24 views

CVE-2019-25387 Smoothwall Express 3.1 'xtaccess.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the xtaccess.cgi endpoint. Attackers can inject script payloads through the EXT, DESTPORT, or...

6.1CVSS0.00244EPSS

Exploits1References3

CNNVD•added 2026/02/16 12:0 a.m.•3 views

Kubysoft 跨站脚本漏洞

Kubysoft is an IT asset management software developed by the Spanish company Kubysoft. Kubysoft has a cross-site scripting vulnerability, which stems from improper handling of uploaded SVG images. This vulnerability could allow attackers to inject malicious scripts, enabling them to execute them ...

5.4CVSS5.7AI score0.00133EPSS

Exploits0References1

NVD•added 2026/02/15 2:16 p.m.•6 views

CVE-2019-25370

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfacesvlanedit.php with script payloads in the tag, descr, or vlanif parameters ...

6.1CVSS0.00232EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by