
34 matches found

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-7119

Malware in sbrugna...

CVSS 6.5 | AI score 6.6 | EPSS 0.00103
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/18 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-22264

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 13.8 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions...

CVSS 6.8 | AI score 6.4 | EPSS 0.00142
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/22 4:43 p.m. | 7 views

CVE-2020-5750

Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting XSS attacks via the self-registration feature...

CVSS 6.1 | AI score 5.9 | EPSS 0.01283
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 3:39 p.m. | 4 views

CVE-2020-5746

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting XSS attacks by creating a crafted test...

CVSS 5.4 | AI score 5.6 | EPSS 0.00157
Exploits: 1 | References: 1
OSV
added 2024/03/06 11:18 a.m. | 14 views

BIT-GITLAB-2021-22263

An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Maintainer' role on any project on the GitLab...

CVSS 6.5 | AI score 6.1 | EPSS 0.00205
Exploits: 1 | References: 4
ICS
added 2022/04/21 12:0 a.m. | 35 views

Johnson Controls Metasys SCT Pro

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Metasys Vulnerability: Server-side Request Forgery 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to...

CVSS 9.1 | AI score 7.7 | EPSS 0.00168
Exploits: 0 | References: 5
Prion
added 2021/10/11 5:15 p.m. | 12 views

Design/Logic Flaw

An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Maintainer' role on any project on the GitLab...

CVSS 5.5 | AI score 6.2 | EPSS 0.00205
Exploits: 1 | References: 3 | Affected Software: 1
Prion
added 2021/10/05 3:15 p.m. | 9 views

Denial of service

A Denial Of Service vulnerability in the apollouploadserver Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted...

CVSS 4 | AI score 6.1 | EPSS 0.00386
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2021/10/05 2:15 p.m. | 13 views

Cross site scripting

A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's...

CVSS 3.5 | AI score 4.9 | EPSS 0.00198
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2021/10/05 2:15 p.m. | 11 views

Design/Logic Flaw

An issue has been discovered in GitLab affecting all versions starting from 13.8 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. Under specialized conditions, an invited group member may continue to have access to a project even after t...

CVSS 4.3 | AI score 6.2 | EPSS 0.00142
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2021/03/11 12:0 a.m. | 1 views

Bloomreach Experience Manager Security Vulnerability

Bloomreach Experience Manager is an application from Bloomreach USA, which provides AI-driven search and merchandising tools. A security vulnerability exists in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2, which originates from a vulnerability that could allow a remote attacker to...

CVSS 9 | AI score 7.5 | EPSS 0.06002
Exploits: 1 | References: 2
CNVD
added 2020/05/08 12:0 a.m. | 3 views

Tecnick.com TCExam Path Traversal Vulnerability

Tecnick.com TCExam is a Web-based open source e-exam system from Tecnick.com, UK. The system is mainly used for online exams and more. A path traversal vulnerability exists in Tecnick.com TCExam version 14.2.2, which can be exploited by a remote attacker to read the contents of an arbitrary file ...

CVSS 4.9 | AI score 7 | EPSS 0.00301
Exploits: 1 | References: 1
CNVD
added 2020/05/08 12:0 a.m. | 2 views

Tecnick.com TCExam Cross-Site Scripting Vulnerability (CNVD-2020-32376)

Tecnick.com TCExam is a Web-based open source e-exam system from Tecnick.com, UK. The system is mainly used for online exams and more. A cross-site scripting vulnerability exists in Tecnick.com TCExam version 14.2.2, which can be exploited by remote attackers to inject malicious JavaScript code...

CVSS 6.1 | AI score 6.3 | EPSS 0.01283
Exploits: 1 | References: 1
CNVD
added 2020/05/08 12:0 a.m. | 3 views

Tecnick.com TCExam Information Disclosure Vulnerability

Tecnick.com TCExam is a Web-based open source e-exam system from Tecnick.com, UK. The system is mainly used for online exams and more. A security vulnerability exists in Tecnick.com TCExam version 14.2.2. A remote attacker could exploit the vulnerability to access the test's metadata...

CVSS 4.3 | AI score 6.9 | EPSS 0.00144
Exploits: 1 | References: 1
OSV
added 2020/05/07 5:15 p.m. | 14 views

CVE-2020-5745

Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link...

CVSS 7.4 | AI score 6.8
Exploits: 0 | References: 1
NVD
added 2020/05/07 5:15 p.m. | 11 views

CVE-2020-5746

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting XSS attacks by creating a crafted test...

CVSS 5.4 | AI score 5.1 | EPSS 0.00157
Exploits: 1 | References: 1
NVD
added 2020/05/07 5:15 p.m. | 8 views

CVE-2020-5747

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting XSS attacks by creating a crafted test...

CVSS 5.4 | AI score 5.1 | EPSS 0.00157
Exploits: 1 | References: 1
NVD
added 2020/05/07 5:15 p.m. | 9 views

CVE-2020-5749

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting XSS attacks by creating a crafted group...

CVSS 5.4 | AI score 5.1 | EPSS 0.00157
Exploits: 1 | References: 1
OSV
added 2020/05/07 5:15 p.m. | 11 views

CVE-2020-5748

Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting XSS attacks via the self-registration feature...

CVSS 6.1 | AI score 5.9
Exploits: 0 | References: 1
OSV
added 2020/05/07 5:15 p.m. | 9 views

CVE-2020-5750

Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting XSS attacks via the self-registration feature...

CVSS 6.1 | AI score 5.9
Exploits: 0 | References: 1