CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

5.4CVSS5.4AI score0.0003EPSS

CVE-2026-48299 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

CVE•added 4 days ago•6 views

CVE-2026-48299

Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability. A low-privileged attacker can inject malicious scripts into vulnerable form fields, causing JavaScript to execute in a victim’s browser when visiting the...

5.4CVSS5.5AI score0.0003EPSS

Exploits0References1Affected Software1

Cvelist•added 4 days ago•28 views

CVE-2026-48299 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

5.4CVSS0.0003EPSS

Cvelist•added 4 days ago•27 views

CVE-2026-48266 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS0.0003EPSS

5.4CVSS5.5AI score0.0003EPSS

CVE-2026-48266 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

5CVSS5.5AI score0.00034EPSS

CVE-2026-42599 Cross-site scripting via spread attributes in Svelte SSR

Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an...

Cvelist•added 4 days ago•22 views

CVE-2026-42599 Cross-site scripting via spread attributes in Svelte SSR

5CVSS0.00034EPSS

CVE•added 4 days ago•8 views

CVE-2026-42573

CVE-2026-42573 affects Svelte before version 5.55.7, where DOM clobbering of the internal framework state on elements could lead to XSS . The issue is patched in version 5.55.7 . The vulnerability relates to attribute spreading on a form element and the use of spread or dynamic name attributes on...

6.1CVSS5.3AI score0.0003EPSS

Exploits0References2Affected Software1

EUVD•added 4 days ago•6 views

EUVD-2026-35701

Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7...

5.3CVSS5.3AI score0.0003EPSS

5.3CVSS5.3AI score0.0003EPSS

CVE-2026-42573 Svelte: XSS via DOM Clobbering of Internal Framework State

Cvelist•added 4 days ago•23 views

CVE-2026-42573 Svelte: XSS via DOM Clobbering of Internal Framework State

5.3CVSS0.0003EPSS

GithubExploit•added 4 days ago•33 views

xssor

No d...

5.4AI score

Exploits0

Vulnrichment•added 4 days ago•3 views

CVE-2026-46492 md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)

md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting XSS vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including tags—is processed and injecte...

7.2CVSS5.4AI score0.00047EPSS

Cvelist•added 4 days ago•33 views

CVE-2026-46492 md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)

7.2CVSS0.00047EPSS

EUVD•added 4 days ago•4 views

EUVD-2026-35496

7.2CVSS5.4AI score0.00047EPSS

CVE•added 4 days ago•8 views

CVE-2026-46492

md-fileserver önce 1.10.3 sürümünden önce HTML içeren Markdown içeriğini güvenli olmayan şekilde render ediyor; bu, kullanıcı tarafından sağlanan Markdown içeriğinde yer alan [removed] gibi ham HTML’nin sayfaya güvenliksız olarak enjekte edilmesine yol açıyor. Etkilenen bileşenler arasında Markdo...

7.2CVSS5.4AI score0.00047EPSS