CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2026/05/15 5:14 p.m.•8 views

Cross-site Scripting (XSS)

Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Cross-site Scripting XSS in the search preview process. An attacker can execute arbitrary HTML or CSS in the authenticated editor interface ...

5.1CVSS5.8AI score0.00208EPSS

OSV•added 2026/05/15 5:14 p.m.•6 views

GHSA-6WXC-8MGQ-W26M Weblate: Stored HTML injection in editor search preview

Impact Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a matching search. Patches...

4.6CVSS5.8AI score0.00208EPSS

Exploits0References6

Circl•added 2026/05/15 4:51 p.m.•10 views

CVE-2026-2031

creationtimestamp| type| source ---|---|--- 2026-05-15 16:51:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlvs5mlvn72i...

10CVSS5.8AI score0.00514EPSS

vulnersOsv•added 2026/05/15 4:31 p.m.•9 views

nimiq-account (>=0.1.0 <=0.2.0), nimiq-accounts (>=0.1.0 <=0.2.0) +17 more potentially affected by CVE-2026-40092 via nimiq-keys (>=0.1.0 <=0.2.0)

nimiq-keys CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2026-40092 Source advisory: OSV:GHSA-27W2-87XV-37C6...

7.5CVSS5.8AI score0.00626EPSS

Exploits0

Circl•added 2026/05/15 3:11 p.m.•7 views

CVE-2026-22810

creationtimestamp| type| source ---|---|--- 2026-05-15 15:11:50+00:00| published-proof-of-concept| https://github.com/laurent22/joplin/security/advisories/GHSA-gcmj-c9gg-9vh6 2026-05-27 07:19:13+00:00| seen| https://bsky.app/profile/cyberowi.pl/post/3mmsxqum7dk2n 2026-06-03 01:37:06+00:00| seen|...

8.2CVSS5.7AI score0.00206EPSS

Cvelist•added 2026/05/15 2:53 p.m.•55 views

CVE-2026-45736 ws: Uninitialized memory disclosure

ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1...

4.4CVSS0.00473EPSS

Exploits1References2

Circl•added 2026/05/15 2:41 p.m.•6 views

CVE-2026-8503

creationtimestamp| type| source ---|---|--- 2026-05-15 14:41:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlvkuwq2i22n...

6.5CVSS5.8AI score0.00243EPSS

Circl•added 2026/05/15 2:36 p.m.•7 views

CVE-2026-8454

creationtimestamp| type| source ---|---|--- 2026-05-15 14:36:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlvklyctod2q 2026-05-15 20:15:00+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mlw5izwcdv2x 2026-05-16 11:41:16+00:00| seen|...

5.3CVSS5.8AI score0.00193EPSS

Circl•added 2026/05/15 1:3 p.m.•12 views

CVE-2026-37541

creationtimestamp| type| source ---|---|--- 2026-05-15 13:03:31+00:00| seen| https://bsky.app/profile/keiwork35.bsky.social/post/3mlvfespgwk2k 2026-05-20 16:07:09+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mmcbyhnwol2r...

10CVSS5.8AI score0.00678EPSS

Circl•added 2026/05/15 12:51 p.m.•11 views

CVE-2026-41964

creationtimestamp| type| source ---|---|--- 2026-05-15 12:51:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlveq2tozv2c 2026-05-16 18:00:30+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlyghhkz3j2c...

8.4CVSS5.8AI score0.00075EPSS

Circl•added 2026/05/15 12:32 p.m.•17 views

CVE-2026-7563

creationtimestamp| type| source ---|---|--- 2026-05-15 12:32:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mlvdnd5alz2s...

4.3CVSS5.8AI score0.00265EPSS

Cvelist•added 2026/05/15 12:31 p.m.•47 views

CVE-2026-7182 Path Traversal in Diagram

Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated pdf. This issue was fixed in version 1.1.1...

9.2CVSS0.00397EPSS

Circl•added 2026/05/15 11:41 a.m.•12 views

CVE-2026-8425

creationtimestamp| type| source ---|---|--- 2026-05-15 11:41:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlvas5mldv2o...

4.3CVSS5.8AI score0.00135EPSS

Circl•added 2026/05/15 11:32 a.m.•15 views

CVE-2026-4683

creationtimestamp| type| source ---|---|--- 2026-05-15 11:32:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mlvabzkyk72a...

6.5CVSS5.8AI score0.00262EPSS

Circl•added 2026/05/15 11:21 a.m.•11 views

CVE-2026-6403

creationtimestamp| type| source ---|---|--- 2026-05-15 11:21:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlv7pim2z52h 2026-05-15 14:32:05+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mlvkdulq3o2s...

7.5CVSS5.8AI score0.00811EPSS

Circl•added 2026/05/15 11:17 a.m.•12 views

CVE-2026-41961

creationtimestamp| type| source ---|---|--- 2026-05-15 11:17:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlv7ir2xip2i...

5.9CVSS5.8AI score0.00078EPSS

Circl•added 2026/05/15 10:55 a.m.•9 views

CVE-2026-45062

creationtimestamp| type| source ---|---|--- 2026-05-15 10:55:59+00:00| published-proof-of-concept| https://github.com/php/frankenphp/security/advisories/GHSA-3g8v-8r37-cgjm 2026-05-16 09:50:05+00:00| seen| https://bsky.app/profile/dunglas.dev/post/3mlxl2h6gpc2k 2026-05-17 02:40:31+00:00| seen|...

8.1CVSS5.8AI score0.00568EPSS