CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

28 matches found

ATTACKERKB•added 2026/04/15 8:28 a.m.•0 views

CVE-2026-3643

The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in all versions up to, and including, 3.0.3. The plugin registers REST API endpoints at /otm-ac/v1/update-widget-options and /otm-ac/v1/update-app-config with the permissioncallback set to returntrue...

7.2CVSS5.8AI score0.00179EPSS

Exploits0References10

Cvelist•added 2026/04/15 8:28 a.m.•27 views

CVE-2026-3643 Accessibly <= 3.0.3 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Widget Source Injection via REST API

7.2CVSS0.00179EPSS

Exploits0References9

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2010-2758

Malware in sbrugna...

5CVSS9.4AI score0.00421EPSS

Exploits1References11

CVE•added 2025/08/12 2:5 a.m.•16 views

CVE-2025-42945

Summary (CVE-2025-42945) : SAP NetWeaver Application Server ABAP is reported to contain an HTML injection vulnerability. An attacker can craft a URL containing a malicious script that tricks a user with an active session into executing it. According to the documents, exploitation could lead to li...

6.1CVSS7.2AI score0.00046EPSS

Exploits0References2

NVD•added 2025/01/11 4:15 a.m.•9 views

CVE-2025-23108

Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability was fixed in Firefox for iOS 134...

4.3CVSS0.01431EPSS

Exploits0References2

OSV•added 2023/07/11 2:15 p.m.•0 views

CVE-2023-36163

Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 allows a remote attacker to execute arbitrary code via a crafted script to the mc parameter of the URL...

6.1CVSS6.2AI score

Exploits0References5

Mozilla•added 2023/05/09 12:0 a.m.•241 views

Security Vulnerabilities fixed in Firefox 113 — Mozilla

In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. An out-of-bound read could have led to a crash in the RLBox Expat driver. A missing delay in popup notifications could have made it...

8.8CVSS7.5AI score0.00298EPSS

Exploits0References16Affected Software1

RedHat Linux•added 2020/03/31 7:54 p.m.•0 views

libreoffice: Unsafe URL assembly flaw in allowed script location check

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...

7.8CVSS5.8AI score0.00376EPSS

Exploits0References5

seebug.org•added 2014/07/01 12:0 a.m.•23 views

Golf Club Site SQL Injection Vulnerability

No description provided by source. Exploit Title: Golf Club SQL injection Vulnerability Date: 30/06/2010 Author: JaMbA Script url: http://www.internetdm.co.uk/site/pages.php?fid=0,1,362 Version: N/A Tested on: Windows CVE : EXPL0!T http://server/path/pages.php?fid=0,13&ppid=38SQL Greetz to :...

7.1AI score

Exploits0

seebug.org•added 2014/07/01 12:0 a.m.•14 views

RamaCMS ADODB.Inc.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20523/info RamaCMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to compromise the application and the underlyi...

7.1AI score

Exploits0

Prion•added 2014/01/09 12:55 a.m.•17 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Open-Xchange OX AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 an HTML email with crafted CSS code containing wildcards or 2 office documents containing "crafted hyperlinks with script URL handler...

4.3CVSS6.2AI score0.00475EPSS

Exploits0References7Affected Software1

Cvelist•added 2014/01/09 12:0 a.m.•19 views

CVE-2013-6997

5.8AI score0.00475EPSS

Exploits0References7

securityvulns•added 2014/01/08 12:0 a.m.•56 views

Open-Xchange Security Advisory 2014-01-06

Open-Xchange Security Advisory 2014-01-06 Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 30203 Bug ID Vulnerability type: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page Vulnerable version: 7.4.0 and earlier Vulnerable component: backend Fixe...

4.3CVSS0.1AI score0.00475EPSS

Exploits0

Packet Storm•added 2011/09/02 12:0 a.m.•24 views

ACal 2.2.6 Cross Site Scripting

================================================================= =ACal-2.2.6 XSS Vulnerability ================================================================= Exploit Title: ACal-2.2.6 XSS Vulnerability Date: 02.09.2011 Author: T0xic Category: webapps/0day Script url:...

0.3AI score

Exploits0

Exploit DB•added 2010/11/19 12:0 a.m.•38 views

DVD Rental Software - SQL Injection

Exploit Title: DVD Rental Software SQL injection Vulnerability Date: 19/11/2010 Author: JaMbA Team: SwT Script url: http://www.commodityrentals.com/dvd.php Version: N/A Tested on: Demo CVE : EXPL0!T...

7.4AI score

Exploits0

Cvelist•added 2010/07/29 6:0 p.m.•22 views

CVE-2010-2754

dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows...

8.9AI score0.00421EPSS

Exploits1References3