CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/20 2:39 p.m.•3 views

EUVD-2026-31125

The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser...

5.3CVSS5.7AI score0.0004EPSS

RedhatCVE•added 2026/05/19 1:58 a.m.•5 views

CVE-2026-29964

HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting XSS vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaScript syntax. The endpoint reflects unsanitized user input in HTTP responses without adequate output...

6.1CVSS6.2AI score0.00042EPSS

Exploits1References1

CVE•added 2026/04/14 12:6 a.m.•3 views

CVE-2026-27674

An unauthenticated code injection flaw in SAP NetWeaver Application Server Java (Web Dynpro Java) could allow a crafted input to cause the application to reference attacker‑controlled content, leading to execution of client‑side code in the victim’s browser and potential session compromise. Affec...

6.1CVSS6.1AI score0.00084EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/04/14 12:6 a.m.•20 views

CVE-2026-0512 Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog)

Due to a Cross-Site Scripting XSS vulnerability in the SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow t...

6.1CVSS0.00108EPSS

RedhatCVE•added 2026/03/26 3:9 p.m.•0 views

CVE-2026-27228

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

OSV•added 2026/03/19 4:28 p.m.•2 views

GHSA-H8VW-PH9R-XPCH qui CORS Misconfiguration: Arbitrary Origins Trusted

Summary The application implements an HTML5 cross-origin resource sharing CORS policy that allows access from any domain. While the application is typically deployed within a trusted local network, successful exploitation of this weakness does not require any direct access to the instance by the...

9.6CVSS5.9AI score0.00055EPSS

Exploits0References4

Vulnrichment•added 2026/03/18 7:34 a.m.•3 views

CVE-2026-22322 Stored Cross‑Site Scripting in Link Aggregation Name Handling

A stored cross‑site scripting XSS vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’...

7.1CVSS5.8AI score0.00034EPSS

NVD•added 2026/03/11 1:16 a.m.•1 views

CVE-2026-27265

5.4CVSS0.00041EPSS

OSV•added 2026/03/11 1:16 a.m.•0 views

CVE-2026-27235

5.4CVSS5.7AI score

OSV•added 2026/03/11 1:16 a.m.•1 views

CVE-2026-27239

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.7AI score

Vulnrichment•added 2026/03/11 12:23 a.m.•0 views

CVE-2026-27254 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

ATTACKERKB•added 2026/03/11 12:23 a.m.•2 views

CVE-2026-27248

Positive Technologies•added 2026/03/11 12:0 a.m.•3 views

PT-2026-24532

Positive Technologies•added 2026/03/11 12:0 a.m.•1 views

PT-2026-24539

5.4CVSS5.8AI score0.0003EPSS

CVE•added 2026/03/10 5:6 p.m.•3 views

CVE-2025-13902

CVE-2025-13902 describes a Cross-site Scripting (CWE-79) vulnerability that can allow an authenticated attacker to cause a victim’s browser to execute arbitrary JavaScript when the victim visits a page containing a crafted element with the injected payload. The CVSS score is 5.1 (Medium) with NET...

5.1CVSS5.9AI score0.0007EPSS

Veracode•added 2026/03/06 6:1 p.m.•2 views

Cross-site Scripting (XSS)

Astro is vulnerable to Cross Site Scripting XSS. The vulnerability is due to a Reflected Cross-Site Scripting XSS vulnerability in Astro's development server error pages when the trailingSlash configuration option is used, where an attacker can inject arbitrary JavaScript code that executes in th...

6.1CVSS5.9AI score0.00033EPSS

Exploits1References4Affected Software1

NVD•added 2026/02/26 1:16 p.m.•4 views

CVE-2026-2677

Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer.es//incomes/representatives-management' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...

6.1CVSS0.00045EPSS

Positive Technologies•added 2026/02/26 12:0 a.m.•1 views

PT-2026-22141

Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'name', parameter 'name', in 'a3factura-app.wolterskluwer.es//incomes/customers' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...

4.8CVSS6AI score0.00045EPSS