84 matches found
CVE-2026-10045
Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...
CVE-2026-23758
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subject field that allows authenticated staff members to inject malicious JavaScript by manipulating the editsubject POST parameter. Attackers can inject XSS payloads through inadequate sanitization in...
CVE-2025-67448
The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS messages before storing and displaying them. An attacker can send an SMS containing a malicious XSS payload, which will be executed in the...
CVE-2026-45036 Tabby auto-confirms ZMODEM detection on terminal output, leading to shell command execution from displayed file content under fish, bash, and zsh
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...
Cross-site Scripting (XSS)
Decidim is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user input in the user name field, which allows an attacker to inject and execute arbitrary code when other users view affected pages...
PT-2026-26204
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, a stored XSS vulnerability in SVG asset reuploads allows authenticated users with asset upload permissions to bypass SVG sanitization and inject malicious JavaScript that executes when the...
CVE-2025-11598
The CVE-2025-11598 entry describes a vulnerability in the mObywatel iOS app where an unauthorized user can use the App Switcher to view the account owner’s personal information in the minimized app window after the login session has ended. The data exposed depends on the last application view sho...
CVE-2020-36960
Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like '<script>alert(document.cookie)</script>' to execute arbitrary JavaScript when the profile is viewed by other users...
EUVD-2020-30854
Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like '<script>alert(document.cookie)</script>' to execute arbitrary JavaScript when the profile is viewed by other users...
PT-2025-53766
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: The software is susceptible to a cross-site scripting (XSS) issue due to improper input neutralization during web page generation. This allows for the injection o...
CVE-2025-65592
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages...
EUVD-2025-199600
A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the...
CVE-2025-10696
CVE-2025-10696 affects OpenSupports 4.11.0. An endpoint allows editing the list of 'supervised users' for any account without verifying ownership, enabling a Level 1 staff member to modify the supervision relationship of a target user. This can let the target view tickets belonging to the added s...
EUVD-2024-22173
Malicious code in bioql PyPI...
EUVD-2022-52746
Malicious code in bioql PyPI...
EUVD-2024-46137
Malicious code in bioql PyPI...
EUVD-2023-38151
Malicious code in bioql PyPI...
EUVD-2023-51745
Malicious code in bioql PyPI...
PT-2025-37788
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.7, iPadOS versions prior to 18.7, iOS 26, iPadOS 26. Description: The issue was addressed with improved handling of caches. An attacker with physical access to an unlocked device may be able to view an image in the most...
Malicious code in @coolblue-development/next-recently-viewed (npm)
The package @coolblue-development/next-recently-viewed was found to contain malicious code...