CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

45 matches found

BIT-KIBANA-2026-42401 Improper Neutralization of Input During Web Page Generation in Kibana Leading to Stored HTML Injection

Improper Neutralization of Input During Web Page Generation CWE-79 in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which, when subsequently rendered through an affected Kibana view by another user, was not sufficiently...

5.4CVSS5.7AI score0.00023EPSS

Exploits0References2

RedhatCVE•added 5 days ago•5 views

CVE-2026-42401

5.4CVSS5.8AI score0.00023EPSS

Exploits0References1

NVD•added 6 days ago•8 views

CVE-2026-42401

5.4CVSS0.00023EPSS

Exploits0References1

Vulnrichment•added 6 days ago•6 views

CVE-2026-42401 Improper Neutralization of Input During Web Page Generation in Kibana Leading to Stored HTML Injection

4.1CVSS5.8AI score0.00023EPSS

Exploits0References1

ATTACKERKB•added 6 days ago•4 views

CVE-2026-42401

4.1CVSS5.8AI score0.00023EPSS

Exploits0References2Affected Software1

EUVD•added 6 days ago•5 views

EUVD-2026-33012

4.1CVSS5.8AI score0.00023EPSS

Exploits0References1

CVE•added 6 days ago•10 views

CVE-2026-42401

CVE-2026-42401 affects Kibana, where improper neutralization of input during web page generation (CWE-79) allows stored HTML injection. A user with write access to an Elasticsearch index can persist crafted markup that, when rendered in a Kibana view by another user, may not be sufficiently sanit...

5.4CVSS5.8AI score0.00023EPSS

Exploits0References1Affected Software1

Cvelist•added 6 days ago•26 views

CVE-2026-42401 Improper Neutralization of Input During Web Page Generation in Kibana Leading to Stored HTML Injection

4.1CVSS0.00023EPSS

Exploits0References1

Positive Technologies•added 6 days ago•9 views

PT-2026-44493

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Improper neutralization of input during web page generation allows for stored HTML injection. A user with write access to an Elasticsearch index can persist crafted markup that is not...

5.4CVSS5.7AI score0.00023EPSS

Exploits0References4

EUVD•added 2026/04/16 12:31 p.m.•1 views

EUVD-2025-209497

The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection. An attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious...

6.1CVSS5.7AI score0.00013EPSS

Exploits0References2

NVD•added 2026/04/16 10:16 a.m.•0 views

CVE-2025-6024

6.1CVSS0.00013EPSS

Exploits0References1

OSV•added 2026/02/03 12:30 p.m.•1 views

GHSA-MHF6-PP52-8WQJ Moodle Cross-site Scripting (XSS) vulnerability

A flaw was found in Moodle. This Cross-site Scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...

7.3CVSS5.3AI score0.00007EPSS

Exploits0References6

Positive Technologies•added 2026/02/03 12:0 a.m.•5 views

PT-2026-5959

Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description A flaw exists in Moodle due to improper sanitization of AI prompt responses. This allows attackers to inject malicious HTML or script into web pages. Successful exploitation could lead to...

7.3CVSS5.4AI score0.00007EPSS

Exploits0References7

RedhatCVE•added 2025/12/19 12:37 p.m.•3 views

CVE-2025-67849

A flaw was found in Moodle. This cross-site scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...

5.6AI score0.00007EPSS

Exploits0References2

OSV•added 2025/11/05 8:15 p.m.•2 views

CVE-2025-10853

A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...

6.1CVSS5.7AI score

Exploits0References1

NVD•added 2025/11/05 8:15 p.m.•3 views

CVE-2025-10853

6.1CVSS0.00027EPSS

Exploits0References1

EUVD•added 2025/11/05 7:21 p.m.•3 views

EUVD-2025-37927

5.2CVSS5.3AI score0.00027EPSS

Exploits0References3

EUVD•added 2025/11/05 7:2 p.m.•2 views

EUVD-2025-37921

A reflected cross-site scripting XSS vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...

6.1CVSS5.6AI score0.00026EPSS

Exploits0References3

Positive Technologies•added 2025/11/05 12:0 a.m.•3 views

PT-2025-45160

Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description A reflected cross-site scripting XSS issue exists in the management console of multiple WSO2 products because of improper output encoding. A malicious actor can inject arbitrary...

6.1CVSS5.5AI score0.00027EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-10043

Malicious code in bioql PyPI...

5.5CVSS6.3AI score0.00153EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by