CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1070 matches found

OSV•added 2026/05/05 8:32 p.m.•1 views

GHSA-8RQ5-WWPP-FMJ2 YAFNET has Stored XSS in Forum Thread Posts/Replies that Allows Arbitrary JavaScript Execution for All Thread Viewers

Description: Stored Cross-Site Scripting XSS occurs when user-supplied input is persisted by the application and later rendered in another user's browser without proper sanitization or contextual output encoding. When the vulnerable sink is a high-traffic surface such as a public forum thread, th...

7.3CVSS6.2AI score0.00033EPSS

Exploits0References5

NVD•added 2026/04/29 8:16 p.m.•0 views

CVE-2018-25309

MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary JavaScript in the browser...

7.2CVSS0.00028EPSS

Exploits1References3

Cvelist•added 2026/04/29 7:24 p.m.•31 views

CVE-2018-25309 MyBB Recent threads 17.0 Persistent Cross-Site Scripting

7.2CVSS0.00028EPSS

Exploits1References3

EUVD•added 2026/04/29 7:24 p.m.•0 views

EUVD-2018-21830

7.2CVSS5.3AI score0.00028EPSS

Exploits1References3

CVE•added 2026/04/29 7:24 p.m.•5 views

CVE-2018-25309

CVE-2018-25309 affects MyBB 17.0 Recent Threads. It is a persistent XSS in the thread subject that lets attackers inject scripts to execute in the browsers of users viewing the index page. The root cause is crafted subject lines containing script tags, enabling arbitrary JavaScript execution in a...

7.2CVSS5.3AI score0.00028EPSS

Exploits1References3Affected Software1

ATTACKERKB•added 2026/04/29 3:34 p.m.•1 views

CVE-2026-40229

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...

5.1CVSS5AI score0.00034EPSS

Exploits1References3Affected Software1

CVE•added 2026/04/29 3:34 p.m.•4 views

CVE-2026-40229

Helpy (version 2.8.0) has a Stored Cross-Site Scripting (XSS) in the post author display logic (PostsHelper). An authenticated user can persist arbitrary HTML in their account name, which is rendered unescaped in public forum threads, the admin ticket view, and HTML notification emails sent to ot...

5.4CVSS5AI score0.00034EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/04/29 3:34 p.m.•30 views

CVE-2026-40229 Helpy 2.8.0 - Stored XSS in post author display via PostsHelper

5.1CVSS0.00034EPSS

Exploits1References2

EUVD•added 2026/04/29 3:34 p.m.•1 views

EUVD-2026-26244

5.1CVSS5AI score0.00034EPSS

Exploits1References2

Vulnrichment•added 2026/04/29 3:34 p.m.•3 views

CVE-2026-40229 Helpy 2.8.0 - Stored XSS in post author display via PostsHelper

5.1CVSS5AI score0.00034EPSS

Exploits1References2

CNNVD•added 2026/04/29 12:0 a.m.•3 views

MyBB Recent threads 跨站脚本漏洞

MyBB Recent threads is a plugin provided by MyBB Corporation that displays the latest topic lists on forums. Version 17.0 of MyBB Recent threads contains a cross-site scripting vulnerability. This vulnerability stems from persistent cross-site scripting, allowing attackers to inject malicious...

7.2CVSS5.9AI score0.00028EPSS

Exploits1References1

Positive Technologies•added 2026/04/29 12:0 a.m.•3 views

PT-2026-35950

Name of the Vulnerable Software and Affected Versions Helpy version 2.8.0 Description A stored cross-site scripting issue exists in the post author display logic. A registered user can persist arbitrary HTML in the account name field, which is then rendered unescaped in public forum threads, the...

5.4CVSS5.8AI score0.00034EPSS

Exploits1References6

Positive Technologies•added 2026/04/29 12:0 a.m.•3 views

PT-2026-35992

Name of the Vulnerable Software and Affected Versions MyBB Recent threads version 17.0 Description A persistent cross-site scripting issue allows attackers to inject malicious scripts by creating threads with crafted subject lines. By using script tags in the subject parameter, an attacker can...

7.2CVSS5.9AI score0.00028EPSS

Exploits1References5

NVD•added 2026/04/28 6:16 a.m.•2 views

CVE-2026-6809

The Social Post Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Threads embed handler in all versions up to, and including, 2.0.1. This is due to insufficient input sanitization and output escaping on the user-supplied URL. This makes it possible for authenticated...

6.4CVSS0.00046EPSS

Exploits0References6

Vulnrichment•added 2026/04/28 4:28 a.m.•4 views

CVE-2026-6809 Social Post Embed <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Threads Embed

6.4CVSS5.5AI score0.00046EPSS

Exploits0References6

EUVD•added 2026/04/28 4:28 a.m.•4 views

EUVD-2026-25987

6.4CVSS5.5AI score0.00046EPSS

Exploits0References6

Cvelist•added 2026/04/28 4:28 a.m.•33 views

CVE-2026-6809 Social Post Embed <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Threads Embed

6.4CVSS0.00046EPSS

Exploits0References6

ATTACKERKB•added 2026/04/28 4:28 a.m.•3 views

CVE-2026-6809

6.4CVSS5.5AI score0.00046EPSS

Exploits0References7

CVE•added 2026/04/28 4:28 a.m.•6 views

CVE-2026-6809

The CVE-2026-6809 entry concerns the WordPress plugin Social Post Embed (versions up to 2.0.1). Affected component: Threads embed handler; root cause: insufficient input sanitization and output escaping on the user-supplied URL, enabling stored XSS by authenticated users with Contributor-level ac...

6.4CVSS5.5AI score0.00046EPSS

Exploits0References6

Positive Technologies•added 2026/04/28 12:0 a.m.•3 views

PT-2026-35660

6.4CVSS5.5AI score0.00046EPSS

Exploits0References9

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by