5838 matches found
X2Engine X2CRM Cross-Site Scripting Vulnerability
X2Engine X2CRM is a next-generation social selling application for small and medium-sized businesses from X2Engine USA, Inc. X2Engine X2CRM version 8.0 contains a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied da...
Maccms Cross-Site Scripting Vulnerability (CNVD-2022-21811)
Maccms is a PHP-based video content management system (CMS). Maccms v10 is vulnerable to a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker can use the vulnerability to attack through the...
Pimcore Cross-Site Scripting Vulnerability (CNVD-2022-22700)
Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. 10.4.0 versions of Pimcore before the...
Microweber Cross-Site Scripting Vulnerability (CNVD-2022-20515)
Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. A cross-site scripting vulnerability exists in versions of Microweber prior to 1.2.11. The vulnerability stems from a lack...
Grav Cross-Site Scripting Vulnerability (CNVD-2022-20517)
Grav is a scalable content management system (CMS) for personal blogs, small content publishing platforms, and single-page product displays. Cross-site scripting vulnerabilities exist in versions prior to Grav 1.7.31, which stem from the program's lack of data validation filtering of user-supplied...
Pimcore Cross-Site Scripting Vulnerability (CNVD-2022-22701)
Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. Pimcore 10.4.0 prior versions of cross-site...
Apple iOS, Apple iPadOS, and Apple tvOS Buffer Overflow Vulnerability
Apple iOS, Apple iPadOS, and Apple tvOS are all products of Apple Inc. A buffer overflow vulnerability exists in Apple iOS, Apple iPadOS, and Apple tvOS, which stems from a failure to properly validate data boundaries when executing operations in memory in AVEVideoEncoder, and could be exploited ...
IBM Spectrum Copy Data Management Cross-Site Scripting Vulnerability (CNVD-2022-84077)
IBM Spectrum Copy Data Management is a product from International Business Machines Corporation (IBM) that modernizes, simplifies, and automates data center copy management processes. A cross-site scripting vulnerability exists in IBM Spectrum Copy Data Management versions 2.2.0.0 inclusive through...
SmarterTools SmarterTrack Cross-Site Scripting Vulnerability
SmarterTools SmarterTrack is a customer service software from SmarterTools UK. SmarterTools SmarterTrack version 100.0.8019.14010 is vulnerable to a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker cou...
The vulnerability of the Windows operating system arises from insufficient validation of input data, allowing attackers to trigger a service failure.
The vulnerability of the Windows operating system exists due to insufficient checking of input data. Exploiting this vulnerability can allow a perpetrator to cause service failures...
WordPress Contact Form X plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in WordPress Contact Form X plugin version 2.4 and earlier. The vulnerability stems from a la...
phpLiteAdmin Cross-Site Scripting Vulnerability (CNVD-2022-21815)
phpLiteAdmin is a web-based SQLite database management tool. phpLiteAdmin versions prior to 1.9.8.2 are vulnerable to cross-site scripting. The vulnerability stems from a newRows parameter in index.php that lacks a data validation filter for user-supplied data and output. An attacker could use th...
Grav Cross-Site Scripting Vulnerability
Grav is a scalable content management system (CMS) for personal blogs, small content publishing platforms, and single-page product displays. Cross-site scripting vulnerabilities exist in versions prior to Grav 1.7.31, which stem from the program's lack of data validation filtering of user-supplied...
Nacos Cross-Site Scripting Vulnerability
Nacos is a dynamic service discovery, configuration and service management platform from Alibaba (China). It supports DNS-based and RPC-based service discovery, and provides features such as real-time health checks and blocking services from sending requests to unhealthy hosts or servic...
Ex libris ALEPH 500 Cross-Site Scripting Vulnerability
Ex libris ALEPH 500 is an integrated library system from the Israeli company Ex libris. Ex libris ALEPH 500 v18.1 and v20 are vulnerable to a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker...
Luocms Cross-Site Scripting Vulnerability
Luocms is an article management system. A cross-site scripting vulnerability exists in Luocms v2.0, which stems from a lack of data validation filtering of user-supplied data and output in /admin/news/sortadd.php and /inc/function.php. An attacker could use this vulnerability to execute JavaScrip...
SmarterTools SmarterTrack Cross-Site Scripting Vulnerability
SmarterTools SmarterTrack is a customer service software from SmarterTools UK. SmarterTools SmarterTrack version 100.0.8019.14010 is vulnerable to a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker cou...
TP-Link TL-WR886N Buffer Overflow Vulnerability (CNVD-2022-20073)
A buffer overflow vulnerability exists in TP-Link TL-WR886N 20190826 version 2.3.8, which originates from the /cloudconfig/routerpost/resetcloudpwd function when executing operations on memory. An authenticated attacker could use this vulnerability to execute arbitrary code on the system via a...
Adobe After Effects Buffer Overflow Vulnerability (CNVD-2022-22099)
Adobe After Effects is a suite of visual effects and motion graphics software from Adobe, Inc. A buffer overflow vulnerability exists in Adobe After Effects, which stems from a failure to properly validate data boundaries when performing operations on memory, and can be exploited by remote...
Autodesk AutoCAD JT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT...