CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

95 matches found

Cross-site Scripting (XSS)

Overview TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the media plugin when handling crafted data-mce- attributes. An attacker can execute arbitrary scripts in the context of the user's browser by...

8.7CVSS5.9AI score0.00032EPSS

Exploits0References2

Packet Storm News•added 2026/05/13 12:0 a.m.•5 views

Context-Aware Web Attack Detection in Open-Source SIEM Systems Via MITRE ATT&CK-Enriched Behavioral Profiling

Security Information and Event Management SIEM systems aggregate log data from heterogeneous sources to detect coordinated attacks. Traditional rule-based correlation engines struggle to classify multi-step web application attacks because they examine each event without reference to the behaviour...

5.8AI score

Exploits0

GithubExploit•added 2026/05/12 7:41 p.m.•47 views

splunk-web-attack-detection

🔍 Web Application Attack Detection & Threat Hunting Using Splu...

6AI score

Exploits0

RedhatCVE•added 2026/05/05 8:20 a.m.•8 views

CVE-2026-42368

A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability...

9.9CVSS5.9AI score0.00036EPSS

Exploits0References1

CVE•added 2026/04/15 10:13 a.m.•3 views

CVE-2026-28741

Mattermost CVE-2026-28741 describes a CSRF protection bypass on an authentication endpoint that allows an attacker to update a user’s authentication method by tricking a user into visiting a malicious page. Affected versions are Mattermost 10.11.x (up to 10.11.12), 11.5.x (up to 11.5.0), 11.4.x (...

8.1CVSS5.8AI score0.00019EPSS

Exploits0References1Affected Software1

GithubExploit•added 2026/04/06 7:59 p.m.•76 views

Multi-Stage-Web-Attack-XSS-to-Admin-Takeover-and-RCE

🛡️ Multi-Stage Web Attack: XSS to Admin Takeover & RCE This p...

6AI score

Exploits0

GithubExploit•added 2026/03/15 8:21 a.m.•88 views

web-attack-payloads

Web Attack Payloads Collection !Cybersecurityhttps://img.s...

6.3AI score

Exploits0

ATTACKERKB•added 2026/01/26 7:36 p.m.•2 views

CVE-2025-11687

A flaw was found in the gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter reflected DOM XSS...

6.1CVSS6AI score0.00007EPSS

Exploits0References4

Positive Technologies•added 2026/01/19 12:0 a.m.•1 views

PT-2026-3470

HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks...

3.5CVSS5.4AI score0.0012EPSS

Exploits0References2

CNNVD•added 2026/01/19 12:0 a.m.•1 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that can be exploited by attackers to weaken the overall security of the application and increase the risk of common web attacks...

5.3CVSS5.8AI score0.0012EPSS

Exploits0References2

Cvelist•added 2025/10/13 3:59 a.m.•6 views

CVE-2025-31994 HCL Unica Campaign is vulnerable to Reflected Cross-Site Scripting (XSS)

HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting XSS where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted...

4.3CVSS0.00027EPSS

Exploits0References1