3937 matches found

CNNVD · added 2026/04/09 12:00 a.m.

LimeSurvey (PHPSurveyor) security vulnerability

LimeSurvey (PHPSurveyor) is a set of open-source online survey programs developed by the LimeSurvey team. It supports functions such as survey program development, survey questionnaire publishing, and data collection. Versions of LimeSurvey (PHPSurveyor) prior to 6.15.11+250909 had security...

CVSS 6.1 · AI score 5.7 · EPSS 0.00227
Exploits: 1 · References: 3

Cvelist · added 2026/04/08 6:27 p.m.

CVE-2026-35403 LORIS has potential cross-site scripting in survey_accounts module

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 15.10 to before 27.0.3 and 28.0.1, there is a potential for a cross-site scripting attack in the survey_accounts module if a user provid...

CVSS 6.5 · EPSS 0.0017
Exploits: 0 · References: 1

EUVD · added 2026/04/08 6:27 p.m.

EUVD-2026-20578

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 15.10 to before 27.0.3 and 28.0.1, there is a potential for a cross-site scripting attack in the survey_accounts module if a user provid...

CVSS 6.5 · AI score 5.8 · EPSS 0.0017
Exploits: 0 · References: 1

Vulnrichment · added 2026/04/08 6:27 p.m.

CVE-2026-35403 LORIS has potential cross-site scripting in survey_accounts module

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 15.10 to before 27.0.3 and 28.0.1, there is a potential for a cross-site scripting attack in the survey_accounts module if a user provid...

CVSS 6.5 · AI score 5.7 · EPSS 0.0017
Exploits: 0 · References: 1

CVE · added 2026/04/08 6:27 p.m.

CVE-2026-35403

LORIS (Longitudinal Online Research and Imaging System) is affected by a cross-site scripting (XSS) vulnerability in the survey_accounts module. From version 15.10 up to (but not including) 27.0.3 and 28.0.1, a user-provided invalid visit label can trigger XSS because the response payload is JSON...

CVSS 6.5 · AI score 5.8 · EPSS 0.0017
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies · added 2026/04/08 12:00 a.m.

PT-2026-31429

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 15.10 to before 27.0.3 and 28.0.1, there is a potential for a cross-site scripting attack in the survey accounts module if a user...

CVSS 6.5 · AI score 5.8 · EPSS 0.0017
Exploits: 0 · References: 2

CVE · added 2026/04/06 9:22 p.m.

CVE-2026-35404

Open edX Platform is affected by CVE-2026-35404 due to an unvalidated redirect_url parameter in the view_survey endpoint. The parameter is passed directly to HttpResponseRedirect(), causing a 302 redirect when a non-existent survey name is requested. The same unvalidated URL is also returned in a...

CVSS 6.1 · AI score 5.8 · EPSS 0.00223
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist · added 2026/04/06 9:22 p.m.

CVE-2026-35404 Open edX Platform has an Open Redirect in Survey Views via Unvalidated redirect_url Parameter

Open edX Platform enables the authoring and delivery of online learning at any scale. The view_survey endpoint accepts a redirect_url GET parameter that is passed directly to HttpResponseRedirect without any URL validation. When a non-existent survey name is provided, the server issues an immediate...

CVSS 4.7 · EPSS 0.00223
Exploits: 1 · References: 2

ATTACKERKB · added 2026/04/06 9:22 p.m.

CVE-2026-35404

Open edX Platform enables the authoring and delivery of online learning at any scale. The view_survey endpoint accepts a redirect_url GET parameter that is passed directly to HttpResponseRedirect without any URL validation. When a non-existent survey name is provided, the server issues an immediate...

CVSS 6.1 · AI score 5.8 · EPSS 0.00223
Exploits: 1 · References: 3

Vulnrichment · added 2026/04/06 9:22 p.m.

CVE-2026-35404 Open edX Platform has an Open Redirect in Survey Views via Unvalidated redirect_url Parameter

Open edX Platform enables the authoring and delivery of online learning at any scale. The view_survey endpoint accepts a redirect_url GET parameter that is passed directly to HttpResponseRedirect without any URL validation. When a non-existent survey name is provided, the server issues an immediate...

CVSS 4.7 · AI score 5.8 · EPSS 0.00223
Exploits: 1 · References: 2

Positive Technologies · added 2026/04/06 12:00 a.m.

PT-2026-30739

Name of the Vulnerable Software and Affected Versions: Open edX Platform, affected versions not specified. Description: The Open edX Platform allows for the creation and delivery of online learning content. The view survey API endpoint is susceptible to an open redirect issue due to the lack of...

CVSS 6.1 · AI score 5.8 · EPSS 0.00223
Exploits: 1 · References: 6

CNNVD · added 2026/04/06 12:00 a.m.

Open edX Platform input validation error vulnerability

The Open edX Platform is an open-source course management system developed by Open edX. This system can be used for MOOCs (Massive Open Online Courses) as well as smaller courses and training modules. The Open edX Platform has a vulnerability related to input validation, where the redirect_url...

CVSS 6.1 · AI score 5.8 · EPSS 0.00223
Exploits: 1 · References: 3

EUVD · added 2026/03/30 3:32 p.m.

EUVD-2026-17084

A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...

CVSS 8.7 · AI score 5.8 · EPSS 0.00287
Exploits: 0 · References: 2

NVD · added 2026/03/30 2:16 p.m.

CVE-2026-3321

A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...

CVSS 8.7 · EPSS 0.00287
Exploits: 0 · References: 1

The Hacker News · added 2026/03/30 1:56 p.m.

⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More

Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped being theoretical right around the time defenders stopped paying attention. There's a bit of everythi...

CVSS 10 · AI score 7.4 · EPSS 0.99997
Exploits: 124

ATTACKERKB · added 2026/03/30 1:17 p.m.

CVE-2026-3321

A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...

CVSS 8.7 · AI score 5.8 · EPSS 0.00287
Exploits: 0 · References: 2

CNNVD · added 2026/03/30 12:00 a.m.

ON24 Q&A Chat security vulnerability

ON24 Q&A Chat is an online interactive Q&A and chat component developed by ON24 Inc. There is a security vulnerability in ON24 Q&A Chat. This vulnerability stems from the console-survey/api/v1/answer/EVENTID/TIMESTAMP/ endpoint, which allows unauthorized access through bypassing user-controlled...

CVSS 8.7 · AI score 5.8 · EPSS 0.00287
Exploits: 0 · References: 1

Positive Technologies · added 2026/03/30 12:00 a.m.

PT-2026-29024

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined, affected versions not specified. Description: A vulnerability exists that allows authorization bypass through a user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint...

CVSS 8.7 · AI score 5.8 · EPSS 0.00287
Exploits: 0 · References: 4

RedhatCVE · added 2026/03/26 3:09 p.m.

CVE-2026-1247

The Survey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above,...

CVSS 4.4 · AI score 5.9 · EPSS 0.00245
Exploits: 0 · References: 1

RedhatCVE · added 2026/03/26 3:08 p.m.

CVE-2026-2412

The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitize_text_field function...

CVSS 6.5 · AI score 5.9 · EPSS 0.00318
Exploits: 0 · References: 1