CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3220 matches found

CNNVD•added 2025/10/16 12:0 a.m.•1 views

Desknets Neo 跨站脚本漏洞

Desknets Neo is a remote office support software from Desknets Japan. A cross-site scripting vulnerability exists in Desknets Neo V9.0R2.0 and earlier versions, which originates from stored cross-site scripting and could lead to the execution of arbitrary JavaScript...

4.8CVSS5AI score0.00042EPSS

Exploits0References2

RedhatCVE•added 2025/10/14 9:46 a.m.•2 views

CVE-2025-11183

Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...

6.9CVSS6.4AI score0.00015EPSS

Exploits0References1

Snyk•added 2025/10/13 9:41 a.m.•2 views

Cross-site Scripting (XSS)

Overview qwc2 is a QGIS Web Client Affected versions of this package are vulnerable to Cross-site Scripting XSS via multiple components, including ServiceInfoWindow, SearchBox, LayerInfoWindow, and others. An attacker can execute arbitrary JavaScript code in the context of the user's browser by...

6.9CVSS5.4AI score0.00015EPSS

Exploits0References3

CVE•added 2025/10/13 9:20 a.m.•4 views

CVE-2025-11184

CVE-2025-11184 affects QGIS QWC2 Registration GUI up to version 2025.03.31. It enables an authorized attacker to inject arbitrary JavaScript (XSS) into the page, with potential impact to Confidentiality (High) and Integrity (Low) per CVSS. Remediation: upgrade to a version later than 2025.03.31 (...

6.9CVSS6.4AI score0.00015EPSS

Exploits0References1

RedhatCVE•added 2025/10/13 5:29 a.m.•3 views

CVE-2025-61319

ReNgine thru 2.2.0 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized payload is rendered in the ReNgine web UI, resulting in arbitrary JavaScript execution in the victim's browser. This can b...

6.1CVSS5.2AI score0.00059EPSS

Exploits1References1

Positive Technologies•added 2025/10/13 12:0 a.m.•2 views

PT-2025-41780

Name of the Vulnerable Software and Affected Versions QGIS QWC2 Registration GUI versions through 2025.03.31 Description A cross-site scripting issue exists in QGIS QWC2 Registration GUI. An authorized attacker can inject arbitrary JavaScript code into the page. Recommendations Update QGIS QWC2...

6.9CVSS6.1AI score0.00015EPSS

Exploits0References3

Vulnrichment•added 2025/10/10 12:0 a.m.•1 views

CVE-2025-60869

Publii CMS v0.46.5 build 17089 allows persistent Cross-Site Scripting XSS via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An attacker can inject arbitrary JavaScript, which is stored in the project and executed in the browsers of remote visito...

7.3CVSS5.7AI score0.00029EPSS

Exploits0References2

EUVD•added 2025/10/09 12:0 a.m.•1 views

EUVD-2025-33349

A cross-site scripting XSS vulnerability in the component /app/marketplace.html of Logseq v0.10.9 allows attackers to execute arbitrary code via injecting arbitrary Javascript into a crafted README.md file...

5.9AI score0.00078EPSS

Exploits1References6

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-21411

Malware in sbrugna...

7.3CVSS6.6AI score0.0027EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2010-0095

Malware in sbrugna...

6.8CVSS4.5AI score0.00345EPSS

Exploits0References3