32 matches found
SUSE CVE-2026-42211
React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution (RCE) through external requests. This attack requires the application code to have an existing prototype pollution...
CVE-2026-42211
React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution (RCE) through external requests. This attack requires the application code to have an existing prototype pollution...
CVE-2026-40181
React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact...
Keylime has a hardcoded attestation challenge nonce that allows replay attacks
CVE-2026-6420: Hardcoded attestation challenge nonce allows replay attacks. Impact: The CertificationParameters.generatechallenge method in the push attestation protocol uses a hardcoded challenge nonce instead of generating a cryptographically random value. This removes the nonce-based replay...
Fedora 42 : keylime / keylime-agent-rust (2026-c2b5451b35)
The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-c2b5451b35 advisory. Update keylime to version 7.14.1 and keylime-agent-rust to version 0.2.9. Fixes: CVE-2026-1709 and CVE-2025-13609. Tenable has extracted the preceding...
CVE-2025-41384
Reflected Cross-Site Scripting (XSS) vulnerability in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary doma...
PT-2025-43950
Name of the Vulnerable Software and Affected Versions: SuiteCRM version 7.14.1 Description: A Cross-Site Scripting (XSS) issue exists where an attacker can execute JavaScript code. This is achieved by manipulating the HTTP Referer header to include a malicious domain containing JavaScript code. The...
EUVD-2023-57666
Malicious code in bioql PyPI...
EUVD-2023-57667
Malicious code in bioql PyPI...
CVE-2023-23880
Auth. contributor+ Stored Cross-Site Scripting (XSS) vulnerability in ExactMetrics plugin = 7.14.1 versions...
CVE-2023-5350
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1...
CVE-2023-5351
Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1...
BIT-SUITECRM-2023-5350 SQL Injection in salesagility/suitecrm
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1...
Improper access control
Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1...
CVE-2023-5351
Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1...
SQL injection
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1...
PT-2023-32065 · Salesagility · Salesagility/Suitecrm
Name of the Vulnerable Software and Affected Versions: salesagility/suitecrm versions prior to 7.14.1 Description: The issue is related to improper access control in the salesagility/suitecrm GitHub repository. Recommendations: For versions prior to 7.14.1, update to version 7.14.1 or later to...
PT-2023-32063 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.14.1 Description: The issue is related to Cross-site Scripting (XSS) - Stored, which occurs when an application stores user input and later displays it without proper validation, allowing an attacker to inject...
SuiteCRM Cross-Site Scripting Vulnerability
SuiteCRM is a customer relationship management system from the SuiteCRM team. A cross-site scripting vulnerability exists in SuiteCRM versions prior to 7.14.1 that stems from the presence of a cross-site scripting (XSS) vulnerability...
CVE-2023-23880
Auth. contributor+ Stored Cross-Site Scripting (XSS) vulnerability in ExactMetrics plugin = 7.14.1 versions...