CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6239 matches found

CVE-2026-56007

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OceanWP Ocean Product Sharing allows Stored XSS. This issue affects Ocean Product Sharing: from n/a through 2.2.2...

5.9CVSS

Exploits0References1

Nuclei•added yesterday•16 views

Dash Framework - Cross-site Scripting

Dash framework versions before 2.15.0 are vulnerable to Cross-site Scripting XSS via href attribute in anchor tags. This template tests for javascript:alert payload injection. id: CVE-2024-21485 info: name: Dash Framework - Cross-site Scripting author: Lee Changhyuneeche severity: medium...

6.5CVSS5.8AI score0.01475EPSS

Exploits1References1

Nuclei•added yesterday•25 views

Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting

Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2019-7219 info: name: Zarafa WebApp =2.0.1.47791 -...

6.1CVSS6.2AI score0.05173EPSS

Exploits0References5

Nuclei•added yesterday•204 views

Gitea 1.22.0 - Cross-Site Scripting

Gitea 1.22.0 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session. id: CVE-2024-6886 info: name: Gitea 1.22.0 - Cross-Site Scripting...

10CVSS8.2AI score0.28239EPSS

Exploits3References2

Cvelist•added 4 days ago•24 views

CVE-2026-42663 WordPress Simple Membership plugin <= 4.7.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Simple Membership = 4.7.2 versions...

6.5CVSS0.00161EPSS

Exploits0References1

NVD•added 6 days ago•11 views

CVE-2026-5513

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS0.00257EPSS

Exploits1References2

RedHat Linux•added 2026/06/11 11:44 a.m.•6 views

Important: Red Hat Security Advisory: redis:7 security update

An update for the redis:7 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS6.6AI score0.0095EPSS

Exploits4References4

RedhatCVE•added 2026/06/10 9:3 p.m.•6 views

CVE-2026-47970

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00307EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 8:59 a.m.•8 views

CVE-2026-8599

The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes...

6.4CVSS5.7AI score0.00252EPSS

Exploits0References1

Vulnrichment•added 2026/06/09 8:59 p.m.•5 views

CVE-2026-34416 OSCAL-GUI Reflected XSS via project parameter in oscal.php

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the project request parameter. Attackers can craft a malicious URL containing unsanitized input that...

6.1CVSS5.6AI score0.00199EPSS

Exploits0References2

EUVD•added 2026/06/09 6:30 p.m.•7 views

EUVD-2026-35716

5.4CVSS5.5AI score0.00224EPSS

Exploits0References2

NVD•added 2026/06/09 5:17 p.m.•6 views

CVE-2026-47936

5.4CVSS0.00224EPSS

Exploits0References1

Vulnrichment•added 2026/06/09 4:48 p.m.•4 views

CVE-2026-47954 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

5.4CVSS5.5AI score0.00224EPSS

Exploits0References1

Vulnrichment•added 2026/06/09 4:48 p.m.•4 views

CVE-2026-47950 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

5.4CVSS5.4AI score0.00224EPSS

Exploits0References1

Vulnrichment•added 2026/06/09 4:48 p.m.•6 views

CVE-2026-47981 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

5.4CVSS5.4AI score0.00224EPSS

Exploits0References1

Cvelist•added 2026/06/09 4:48 p.m.•30 views

CVE-2026-47978 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

5.4CVSS0.00224EPSS

Exploits0References1

NVD•added 2026/06/09 5:16 a.m.•10 views

CVE-2026-8882

The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00187EPSS

Exploits0References3

GithubExploit•added 2026/06/09 5:13 a.m.•40 views

Teldat-Router-CVE-2022-POC

Teldat Router CVE-2022-39996 & CVE-2022-39997 POC Proof of...

8CVSS5.6AI score0.00326EPSS

Exploits2

Positive Technologies•added 2026/06/09 12:0 a.m.•8 views

PT-2026-48072

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.24 and earlier Adobe Experience Manager versions LTS SP1 and earlier Adobe Experience Manager versions 2026.04 and earlier Description A stored Cross-Site Scripting XSS issue allows a low-privileged attack...

5.4CVSS5.5AI score0.00224EPSS

Exploits0References3

Positive Technologies•added 2026/06/09 12:0 a.m.•9 views

PT-2026-47634

Name of the Vulnerable Software and Affected Versions Enable Media Replace versions prior to 4.1.9 Description Insufficient input sanitization and output escaping in the Enable Media Replace plugin for WordPress allow authenticated attackers with Author-level access or higher to perform Stored...

6.4CVSS5.7AI score0.00187EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by