CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Rosalinux•added 2026/05/19 2:34 p.m.•5 views

Advisory ROSA-SA-2026-3285

software: vim 9.2.0321 WASP: ROSA-CHROME unaffected versions = vim-9.2.0321-1 affected versions vim-9.2.0321-1 CVE-ID: CVE-2026-33412 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A command injection vulnerability in the Vim text editor allows an attacker to execute arbitrary shell commands via a...

7.3CVSS6AI score0.00009EPSS

OSV•added 2026/05/19 12:0 a.m.•2 views

MAL-2026-4072 Malicious code in @antv/narrative-text-editor (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score

Exploits0References4

vulnersOsv•added 2026/05/19 12:0 a.m.•3 views

@antv/lite-insight (>=2.1.0 <=2.1.1), @antv/narrative-text-editor (>=0.1.1 <=0.2.20) +3 more potentially affected by unknown CVE via @antv/narrative-text-schema (>=0.1.5 <=0.3.7)

@antv/narrative-text-schema NPM version =0.1.5, =2.1.0, =0.1.1, =0.1.6, =2.0.0, =0.1.0-alpha.16, =0.1.0-alpha.22 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4073...

5.8AI score

Fedora•added 2026/05/17 1:5 a.m.•7 views

[SECURITY] Fedora 42 Update: python-jupytext-1.19.1-4.fc42

Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter...

9.8CVSS6.5AI score0.00048EPSS

Exploits2

Kaspersky•added 2026/05/12 12:0 a.m.•9 views

KLA91038 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code, obtain sensitive information. Below is a complete list of...

9.8CVSS6.8AI score0.00257EPSS

Exploits5References65

EUVD•added 2026/05/10 3:31 p.m.•4 views

EUVD-2021-34793

Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...

6.4CVSS5.9AI score0.00054EPSS

Exploits0References4

NVD•added 2026/05/08 3:16 p.m.•2 views

CVE-2026-41524

Brave CMS is an open-source CMS. Prior to commit 6c56603, page and article body content entered through the CKEditor rich-text editor is stored verbatim in the database and subsequently rendered with Laravel Blade's unescaped output directive !! !!. Any JavaScript or HTML injected by an editor-ro...

8.7CVSS0.00033EPSS

Positive Technologies•added 2026/05/08 12:0 a.m.•6 views

PT-2026-39138

Name of the Vulnerable Software and Affected Versions Brave CMS versions prior to commit 6c56603 Description Page and article body content entered through the CKEditor rich-text editor is stored verbatim in the database and rendered using Laravel Blade's unescaped output directive !! !!. This...

8.7CVSS5.8AI score0.00033EPSS

Exploits0References5

vulnersOsv•added 2026/03/17 3:5 p.m.•2 views

@ckeditor/ckeditor-cloud-services-collaboration (>=23.0.0 <=29.0.0), @ckeditor/ckeditor5-real-time-collaboration (>=29.1.0 <=33.0.0) +2 more potentially affected by CVE-2026-33151 via socket.io-parser (=3.4.1)

socket.io-parser NPM version =3.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on socket.io-parser and may be impacted: - @ckeditor/ckeditor-cloud-services-collaboration =23.0.0, =29.1.0, =29.0.0, =1.5.3, =2.1.0 Source cves: CVE-2026-33151 Source...

8.7CVSS5.8AI score0.00051EPSS

Packet Storm•added 2026/03/10 12:0 a.m.•74 views

📄 Voyager 1.8.0 Arbitrary File Upload

Voyager version 1.8.0 has an issue where an attacker with minimal privileges any role allowed to upload images in a Rich Text Box can upload a polyglot file masquerading as an image while embedding server-side executable code...

5.8AI score

RedhatCVE•added 2026/03/08 7:57 a.m.•3 views

CVE-2026-1820

The Media Library Alt Text Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bvmaltscdivupdatealttext' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

EUVD•added 2026/03/07 9:30 a.m.•1 views

Exploits0References1

EUVD-2026-10132

NVD•added 2026/03/07 8:16 a.m.•3 views

Exploits0References3

CVE-2026-1820

6.4CVSS0.00043EPSS

ATTACKERKB•added 2026/03/07 7:22 a.m.•1 views

CVE-2026-1820

Cvelist•added 2026/03/07 7:22 a.m.•28 views

Exploits0References3

CVE-2026-1820 Media Library Alt Text Editor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_id' Shortcode Attribute

6.4CVSS0.00043EPSS

Vulnrichment•added 2026/03/07 7:22 a.m.•0 views

CVE-2026-1820 Media Library Alt Text Editor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_id' Shortcode Attribute

CVE•added 2026/03/07 7:22 a.m.•7 views

CVE-2026-1820

The CVE CVE-2026-1820 concerns the WordPress plugin Media Library Alt Text Editor, vulnerable to an authenticated Stored Cross-Site Scripting (XSS) via shortcode attributes (notably post_id and bvmalt_sc_div_update_alt_text) in versions up to 1.0.0. The issue arises from insufficient input saniti...