Lucene search

272 matches found

Vulnrichment
added 3 days ago, 4 views

CVE-2026-8474 Possible to run a Cross Site Scripting request on the login API available on Stormshield SNS appliances.

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, 5.0.0 to 5.0.5. It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of...

5.3 CVSS | 5.9 AI score | 0.0003 EPSS
Exploits 0 | References 1
NVD
added last week, 9 views

CVE-2026-47074

Improper Certificate Validation vulnerability in ex-aws exawssns ExAws.SNS, ExAws.SNS.PublicKeyCache modules allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/exaws/sns.ex, lib/exaws/sns/publickeycache.ex and program routines...

8.7 CVSS | 0.00044 EPSS
Exploits 0 | References 4
ATTACKERKB
added last week, 6 views

CVE-2026-47074

Improper Certificate Validation vulnerability in ex-aws exawssns ExAws.SNS, ExAws.SNS.PublicKeyCache modules allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/exaws/sns.ex, lib/exaws/sns/publickeycache.ex and program routines...

8.7 CVSS | 5.8 AI score | 0.00044 EPSS
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2026/05/14 2:39 p.m., 34 views

CVE-2026-44308 Spring Cloud AWS: Missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications

Spring Cloud AWS simplifies using AWS managed services in Spring and Spring Boot applications. From 3.0.0 to 4.0.1, applications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support @NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping did n...

6.3 CVSS | 0.00108 EPSS
Exploits 0 | References 1
CVE
added 2026/05/14 2:39 p.m., 5 views

CVE-2026-44308

CVE-2026-44308 concerns Spring Cloud AWS, where the SNS HTTP/HTTPS endpoint support methods (@NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping) failed to verify incoming SNS message signatures from versions 3.0.0 through 4.0.1. An unauthent...

6.3 CVSS | 5.8 AI score | 0.00108 EPSS
Exploits 0 | References 1
EUVD
added 2026/05/08 9:12 p.m., 4 views

EUVD-2026-28832

Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN, meaning anyone can forge a valid-looking webhoo...

9.1 CVSS | 5.7 AI score | 0.00018 EPSS
Exploits 0 | References 2
Cvelist
added 2026/05/08 9:12 p.m., 24 views

CVE-2026-42193 Plunk: SNS webhook forgery

Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN, meaning anyone can forge a valid-looking webhoo...

9.1 CVSS | 0.00018 EPSS
Exploits 0 | References 2
ATTACKERKB
added 2026/05/08 9:12 p.m., 4 views

CVE-2026-42193

Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN, meaning anyone can forge a valid-looking webhoo...

9.1 CVSS | 5.7 AI score | 0.00018 EPSS
Exploits 0 | References 3 | Affected Software 1
vulnersOsv
added 2026/05/07 12:6 a.m., 3 views

com.limemojito.oss.spring-boot:aws-utilities (>=11.0.0 <=12.0.7), com.limemojito.oss.standards:aws-utilities (>=13.0.0 <=14.1.0) +8 more potentially affected by CVE-2026-44308 via io.awspring.cloud:spring-cloud-aws-sns (>=3.0.0 <=3.4.2)

io.awspring.cloud:spring-cloud-aws-sns MAVEN version =3.0.0, =11.0.0, =13.0.0, =3.2.0, =3.0.0, =0.16.0, =1.1.0, =0.0.1, =2.1.0, =2.0.0, =7.0.0-beta Source cves: CVE-2026-44308 Source advisory: OSV:GHSA-R4W4-WV68-QV85...

6.3 CVSS | 5.8 AI score | 0.00108 EPSS
Exploits 0
Github Security Blog
added 2026/05/07 12:6 a.m., 6 views

Spring Cloud AWS missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications

Impact: Applications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support @NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping did not verify the signature of incoming SNS messages. An unauthenticated attacker who knows the endpoint URL could...

6.3 CVSS | 6 AI score | 0.00108 EPSS
Exploits 0 | References 5 | Affected Software 1
vulnersOsv
added 2026/05/07 12:6 a.m., 1 views

be.appify.prefab:prefab-sns-sqs (>=0.4.0 <=0.7.1), be.appify.prefab:prefab-test (>=0.4.0 <=0.7.1) +8 more potentially affected by CVE-2026-44308 via io.awspring.cloud:spring-cloud-aws-sns (>=4.0.0 <=4.0.1)

io.awspring.cloud:spring-cloud-aws-sns MAVEN version =4.0.0, =0.4.0, =0.4.0, =4.0.0, =4.0.0, =4.0.0, =2.1.0, =1.3.0, =7.0.0, =7.0.0, =7.3.1 Source cves: CVE-2026-44308 Source advisory: OSV:GHSA-R4W4-WV68-QV85...

6.3 CVSS | 5.8 AI score | 0.00108 EPSS
Exploits 0
Positive Technologies
added 2026/05/07 12:0 a.m., 5 views

PT-2026-38403

Impact: Applications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support @NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping did not verify the signature of incoming SNS messages. An unauthenticated attacker who knows the endpoint URL could...

6.3 CVSS | 6 AI score | 0.00108 EPSS
Exploits 0 | References 6
RedhatCVE
added 2026/04/13 7:25 p.m., 1 views

CVE-2026-39667

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS. This issue affects Korea SNS: from n/a through <= 1.7.0...

5.9 CVSS | 5.8 AI score | 0.00036 EPSS
Exploits 0 | References 1
NVD
added 2026/04/08 9:16 a.m., 1 views

CVE-2026-39667

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS. This issue affects Korea SNS: from n/a through <= 1.7.0...

5.9 CVSS | 0.00036 EPSS
Exploits 0 | References 1
Cvelist
added 2026/04/08 8:30 a.m., 21 views

CVE-2026-39667 WordPress Korea SNS plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS. This issue affects Korea SNS: from n/a through <= 1.7.0...

5.9 CVSS | 0.00036 EPSS
Exploits 0 | References 1
CVE
added 2026/04/08 8:30 a.m., 1 views

CVE-2026-39667

CVE-2026-39667 describes a DOM-based XSS in the WordPress Korea SNS plugin (korea-sns) for WordPress, affected versions up to and including 1.7.0. The root cause is improper neutralization of input during web page generation, enabling cross-site scripting. The vulnerability impacts Korea SNS user...

5.9 CVSS | 5.9 AI score | 0.00036 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2026/04/08 8:30 a.m., 2 views

CVE-2026-39667

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS. This issue affects Korea SNS: from n/a through <= 1.7.0...

5.9 AI score | 0.00036 EPSS
Exploits 0 | References 2
EUVD
added 2026/04/08 6:31 a.m., 0 views

EUVD-2026-20052

Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...

5.4 CVSS | 6.2 AI score | 0.00035 EPSS
Exploits 0 | References 3
NVD
added 2026/04/08 6:16 a.m., 1 views

CVE-2026-27787

Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...

5.4 CVSS | 0.00035 EPSS
Exploits 0 | References 2
Vulnrichment
added 2026/04/08 5:11 a.m., 0 views

CVE-2026-27787

Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...

5.4 CVSS | 6.2 AI score | 0.00035 EPSS
Exploits 0 | References 2