Search Vulnerabilities

Gogs: Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS

Jun 24, 2026

CVE-2026-50146

Astro: Reflected XSS via unescaped slot name

CVE-2025-62198

Apache Atlas: Stored XSS in Create Entity page

CVE-2026-12812

Radware Cyber Controller HTML Report Generation HTML injection

Jun 21, 2026

CVE-2025-71331

Flowise - Cross-Site Scripting in Chat Messages and Agent Workflows

Jun 20, 2026

CVE-2026-46492

md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)

CVE-2026-34033

Apache Answer: HTML Content Injection in Email

CVE-2026-11511

Bolt CMS HTML Attribute TextType.php HTML injection

Jun 8, 2026

CVE-2026-9646

ScadaBR Unauthenticated Reflected Cross-Site Scripting

May 28, 2026

CVE-2026-44839

RabbitMQ: Unsanitized vhost names allow for XSS in management UI

May 27, 2026

CVE-2026-39642

WordPress Nyla theme <= 1.7 - Arbitrary Shortcode Execution vulnerability

CVE-2025-71310

LOW

The GDPR cookies module for Backdrop CMS (before 1

CVE-2026-34246

CtrlPanel: Stored XSS in Admin Role Management via Unescaped DataTable HTML Output

May 19, 2026

CVE-2026-45346

Open WebUI: Stored Cross-Site Scripting in SVG Renderer

May 15, 2026

CVE-2025-15345

MapGeo - Interactive Geo Maps <= 1.6.27 - Reflected Cross-Site Scripting via 'map' Parameter

May 14, 2026

CVE-2026-44369

CVAT: Stored XSS via annotation guides

May 13, 2026

CVE-2026-44259

efw4.X: Stored XSS via previewServlet

CVE-2026-41611

Visual Studio Code Remote Code Execution Vulnerability

CVE-2026-43938

YAF.NET: Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header

CVE-2026-43939

YAF.NET: Stored XSS in Forum Thread Posts/Replies Allowing Arbitrary JavaScript Execution for All Thread Viewers

Showing 1 - 20 of 1,000+ results

...

Searching...

Filters

1,000+ results

CVE-2026-52816

Gogs: Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS

Jun 24, 2026

CVE-2026-50146

Astro: Reflected XSS via unescaped slot name

CVE-2025-62198

Apache Atlas: Stored XSS in Create Entity page

CVE-2026-12812

Radware Cyber Controller HTML Report Generation HTML injection

Jun 21, 2026

CVE-2025-71331

Flowise - Cross-Site Scripting in Chat Messages and Agent Workflows

Jun 20, 2026

CVE-2026-46492

md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)

CVE-2026-34033

Apache Answer: HTML Content Injection in Email

CVE-2026-11511

Bolt CMS HTML Attribute TextType.php HTML injection

Jun 8, 2026

CVE-2026-9646

ScadaBR Unauthenticated Reflected Cross-Site Scripting

May 28, 2026

CVE-2026-44839

RabbitMQ: Unsanitized vhost names allow for XSS in management UI

May 27, 2026

CVE-2026-39642

WordPress Nyla theme <= 1.7 - Arbitrary Shortcode Execution vulnerability

CVE-2025-71310

LOW

The GDPR cookies module for Backdrop CMS (before 1

CVE-2026-34246

CtrlPanel: Stored XSS in Admin Role Management via Unescaped DataTable HTML Output

May 19, 2026

CVE-2026-45346

Open WebUI: Stored Cross-Site Scripting in SVG Renderer

May 15, 2026

CVE-2025-15345

MapGeo - Interactive Geo Maps <= 1.6.27 - Reflected Cross-Site Scripting via 'map' Parameter

May 14, 2026

CVE-2026-44369

CVAT: Stored XSS via annotation guides

May 13, 2026

CVE-2026-44259

efw4.X: Stored XSS via previewServlet

CVE-2026-41611

Visual Studio Code Remote Code Execution Vulnerability

CVE-2026-43938

YAF.NET: Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header

CVE-2026-43939

YAF.NET: Stored XSS in Forum Thread Posts/Replies Allowing Arbitrary JavaScript Execution for All Thread Viewers