Top 20 matches
CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. If the URL content were to insert ASCII whitespaces around the '=' rune insi
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz Links in Captions links-in-captions allows Stored XSS. This issue affects Links in Captio
A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.
A reflected cross-site scripting (XSS) vulnerability exists in WebFileSys version before 2.32.0 and fixed in v.2.32.0. User-controlled input is reflected into HTML and JavaScript contexts without prop
Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class.
In Concrete CMS below version 9.4.8, a stored cross-site scripting (XSS) vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search resul
Inconsistent <plaintext> tag parsing allows for XSS in Froala WYSIWYG editor 4.3.0 and earlier.
CVE-2026-56021 (MEDIUM, CVSS 6.9): Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern.
CVE-2026-48903 (MEDIUM, CVSS 6.9, vendor: joomla): Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
CVE-2024-21729 (MEDIUM, CVSS 6.1, vendor: joomla): Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field.
CVE-2025-70960 (MEDIUM, CVSS 5.4, vendor: tendenci): A stored cross-site scripting (XSS) vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.