CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

139 matches found

NVD•added 2026/02/23 11:16 a.m.•2 views

CVE-2025-40986

Reflected Cross-Site Scripting XSS vulnerability in PideTuCita. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the endpoint 'cookies/indes.php/'. This vulnerability can be exploited to steal confidential user data,...

5.1CVSS0.00023EPSS

Exploits0References1

CVE•added 2026/02/18 1:12 p.m.•5 views

CVE-2026-1437

Graylog Web Interface console 2.2.3 contains a reflected XSS flaw due to insufficient sanitization/escaping of HTML output. Several endpoints may echo parts of the URL in responses, enabling arbitrary JavaScript execution when a user visits a crafted URL. The vulnerability could allow script exec...

6.1CVSS6.1AI score0.00058EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/01/20 12:0 a.m.•2 views

PT-2026-3595

A reflected cross-site scripting xss vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS5.6AI score0.00083EPSS

Exploits1References2

RedhatCVE•added 2026/01/09 10:47 a.m.•5 views

CVE-2022-31246

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request e.g., within QR code data. On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename...

5.5CVSS7AI score0.00257EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:39 a.m.•4 views

CVE-1999-0347

Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character...

10CVSS6.7AI score0.03186EPSS

Exploits0References1

Vulnrichment•added 2025/12/12 5:2 a.m.•1 views

CVE-2025-64781

In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website...

5.1CVSS5.1AI score0.00033EPSS

Exploits0References2