CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/04/14 12:16 a.m.•0 views

CVE-2026-27674

Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java Web Dynpro Java, an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, th...

6.1CVSS0.00084EPSS

EUVD•added 2026/03/11 3:31 a.m.•1 views

EUVD-2026-11016

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.8AI score0.0003EPSS

EUVD•added 2026/03/11 3:31 a.m.•1 views

EUVD-2026-10973

OSV•added 2026/03/11 1:16 a.m.•0 views

CVE-2026-27261

5.4CVSS5.7AI score

NVD•added 2026/03/11 1:16 a.m.•1 views

CVE-2026-27248

5.4CVSS0.00041EPSS

CVE•added 2026/03/11 12:23 a.m.•6 views

CVE-2026-27255

Adobe Experience Manager 6.5.23 and earlier are affected by a stored XSS vulnerability in vulnerable form fields. A low-privilege attacker could inject JavaScript that is executed in a user’s browser when visiting the vulnerable page. Remediation referenced in multiple sources is to update to 6.5...

Exploits0References1Affected Software1

ATTACKERKB•added 2026/03/11 12:23 a.m.•3 views

CVE-2026-27223

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE•added 2026/03/11 12:23 a.m.•5 views

CVE-2026-27242

Adobe Experience Manager fixes for CVE-2026-27242: A stored XSS affecting AEM 6.5.23 and earlier. The vulnerability exists in how form field input is sanitized, allowing a low-privileged attacker to inject malicious JavaScript that executes in a user’s browser when visiting a page containing the ...

Exploits0References1Affected Software1

EUVD•added 2026/03/11 12:23 a.m.•2 views

EUVD-2026-11003

CVE•added 2026/03/11 12:23 a.m.•4 views

CVE-2026-27225

CVE-2026-27225 concerns Adobe Experience Manager (AEM) versions 6.5.23 and earlier, with a stored XSS vulnerability in form fields. The underlying issue is inadequate input sanitization/output encoding, allowing a low-privileged attacker to inject malicious JavaScript that may run in a victim’s b...

Exploits0References1Affected Software1

Cvelist•added 2026/03/11 12:23 a.m.•35 views

CVE-2026-27256 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

5.4CVSS0.00041EPSS

ATTACKERKB•added 2026/03/11 12:23 a.m.•3 views

CVE-2026-27257

Vulnrichment•added 2026/03/11 12:23 a.m.•2 views

CVE-2026-27224 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Positive Technologies•added 2026/02/03 12:0 a.m.•1 views

PT-2026-5823

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment author' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers...

7.2CVSS5.7AI score0.00037EPSS

Exploits1References4

Vulnrichment•added 2025/12/31 10:13 p.m.•1 views

CVE-2025-67703 Stored XSS vulnerability in ArcGIS Server.

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS6.3AI score0.00027EPSS

Vulnrichment•added 2025/12/18 1:16 p.m.•2 views

CVE-2025-40892 Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a...

8.9CVSS4.9AI score0.00032EPSS

RedhatCVE•added 2025/12/11 7:0 p.m.•1 views

CVE-2025-64791

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.5AI score0.00025EPSS

EUVD•added 2025/12/10 9:31 p.m.•1 views

EUVD-2025-202531

5.4CVSS5AI score0.00025EPSS