CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added 5 days ago•42 views

XWiki < 14.10.14 - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy disabled by default, XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflecte...

9.6CVSS7.8AI score0.70688EPSS

Exploits1References2

RedhatCVE•added 5 days ago•7 views

CVE-2026-8900

The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS5.7AI score0.00036EPSS

RedhatCVE•added 5 days ago•7 views

CVE-2026-8893

The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the stripe-express shortcode in versions up to, and including, 1.28.0. This is due to insufficient input sanitization and output escaping on the shortcode attribute value,...

6.4CVSS5.7AI score0.00034EPSS

RedhatCVE•added 5 days ago•7 views

CVE-2026-46396

HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting XSS vulnerability exists in versions prior to 26.0.0 due to improper sanitization of elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page ...

9.3CVSS5.6AI score0.00052EPSS

Patchstack•added 5 days ago•5 views

WordPress Recipe Card Blocks Lite plugin <= 3.4.13 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Recipe Card Blocks for Gutenberg & Elementor versions = 3.4.13...

6.4CVSS5.4AI score0.00036EPSS

Exploits0References1Affected Software1

Positive Technologies•added 5 days ago•11 views

PT-2026-47199

A vulnerability was detected in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /admin/?page=room types. Performing a manipulation of the argument room results in cross site scripting. The attack is possible to be carried out...

4.8CVSS3.9AI score0.00033EPSS

Exploits0References7

RedhatCVE•added 6 days ago•8 views

CVE-2026-11337

A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboardpage/forms/fetch.php. The manipulation of the argument...

5.3CVSS4AI score0.00039EPSS

7.2CVSS5.3AI score0.00032EPSS

CVE-2026-50232

Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attackers can craft files with XSS payloads in metadata tags that execute in the web interface when user...

7.2CVSS5.6AI score0.00048EPSS

CVE-2026-50231

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by...

6.1CVSS5.6AI score0.00039EPSS

CVE-2026-50230

Lyrion Music Server 9.2.0 contains an unauthenticated reflected cross-site scripting vulnerability in the server.log endpoint that allows attackers to inject arbitrary HTML and JavaScript code through the search parameter. Attackers can craft malicious URLs with JavaScript payloads in the search...

6.1CVSS5.6AI score0.00031EPSS

CVE-2026-50235

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...

RedhatCVE•added 6 days ago•7 views

CVE-2026-46511

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover...

8.7CVSS5.5AI score0.00072EPSS

NVD•added 6 days ago•9 views

CVE-2026-11436

A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mageai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performing a manipulation of the argument query.redirecturl results in cross site scripting. Remote...

5.3CVSS0.00033EPSS

Vulnrichment•added 6 days ago•4 views

CVE-2026-11436 Mage AI Sign-in Flow index.tsx useMutation cross site scripting

5.3CVSS4.1AI score0.00033EPSS

ATTACKERKB•added 6 days ago•5 views

CVE-2026-11436

5.3CVSS4AI score0.00033EPSS

CVE•added 6 days ago•17 views

CVE-2026-11436

Mage AI up to version 0.9.79 is affected in the Sign-in Flow. The vulnerability is in the useMutation function within mage_ai/frontend/components/Sessions/SignForm/index.tsx, where manipulating the query.redirect_url argument triggers cross site scripting. Remote exploitation is possible, and the...

5.3CVSS4.1AI score0.00033EPSS

Cvelist•added 6 days ago•34 views

CVE-2026-11436 Mage AI Sign-in Flow index.tsx useMutation cross site scripting

5.3CVSS0.00033EPSS

EUVD•added 6 days ago•7 views

EUVD-2026-34971

5.3CVSS4AI score0.00033EPSS