CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

486 matches found

NVD•added 2026/05/27 6:16 p.m.•8 views

CVE-2026-45088

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through...

7.5CVSS0.00042EPSS

Exploits0References2

GithubExploit•added 2026/05/17 1:54 p.m.•57 views

XSS-Payload-Generator

XSS-Payload-Generator user guide 0. This script is an XSS payl...

5.9AI score

Exploits0

OSSF Malicious Packages•added 2026/05/12 7:42 a.m.•4 views

Malicious code in 0ctf-chalweb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d7a129ab6079febb92ceac3587af97653477bce8a65b8e85bfa5bcae0293b0d The package's entire content xss.js is a 2-line cookie-stealing payload that creates an Image element pointing to...

5.8AI score

Exploits0References1

OSV•added 2026/01/13 11:15 p.m.•2 views

CVE-2022-50906

e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting XSS payloads...

4.8CVSS5.9AI score0.00111EPSS

Exploits1References4

RedhatCVE•added 2026/01/09 12:28 p.m.•7 views

CVE-2018-21030

Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document...

5.3CVSS5.9AI score0.00345EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:49 a.m.•4 views

CVE-2022-27244

An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user...

4.8CVSS5.8AI score0.00235EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:29 a.m.•3 views

CVE-2019-12095

Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload...

8.8CVSS5.8AI score0.00401EPSS

Exploits6References1

EUVD•added 2025/11/07 4:5 a.m.•3 views

EUVD-2025-38225

Malicious code in xss-payload-7n-ctf npm...

6.6AI score

Exploits0References1

OSSF Malicious Packages•added 2025/11/07 4:5 a.m.•5 views

Malicious code in xss-payload-7n-ctf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc9fcaefcc21332259306a4bbad6a54cda89ef8c6d4874d5176f4bf8f9cb194c The package xss-payload-7n-ctf was found to contain malicious code. Source: ghsa-malware...

6.9AI score

Exploits0References1

Snyk•added 2025/11/07 4:5 a.m.•2 views

Malicious Package

Overview xss-payload-7n-ctf is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2017-2613

Malware in sbrugna...

6.1CVSS6.3AI score0.00223EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-11235

Malware in sbrugna...

8.8CVSS8.8AI score0.00146EPSS

Exploits1References3