CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

Vulnrichment•added 2026/03/04 12:13 p.m.•4 views

CVE-2026-24732 Improper permission checks in Extension:NSFileRepo

Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice Extension:NSFileRepo modules allows Accessing Functionality Not Properly Constrained by ACLs, Bypassing Electronic Locks and Access Controls.This...

8.7CVSS5.9AI score0.00265EPSS

Exploits0References1

CVE•added 2026/03/04 12:13 p.m.•12 views

CVE-2026-24732

CVE-2026-24732 affects Hallo Welt! GmbH BlueSpice Extension:NSFileRepo, with vulnerable versions 5.1–5.1.5 and 5.2–5.2.0. The issue is improper permission checks in the extension, allowing access to functionality not properly constrained by ACLs and bypassing electronic locks and access controls....

8.7CVSS5.9AI score0.00265EPSS

Exploits0References1

RedhatCVE•added 2025/09/21 1:25 p.m.•14 views

CVE-2025-46703

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:AtMentions allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

6.4CVSS6.3AI score0.00179EPSS

Exploits0References1

RedhatCVE•added 2025/09/21 1:25 p.m.•7 views

CVE-2025-48007

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

6.4CVSS6.3AI score0.00179EPSS

Exploits0References1

NVD•added 2025/09/19 2:15 p.m.•10 views

CVE-2025-57880

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceWhoIsOnline allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

5.9CVSS0.00166EPSS

Exploits0References1

OSV•added 2025/09/19 2:15 p.m.•1 views

CVE-2025-48007

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

6.4CVSS5.8AI score0.00179EPSS

Exploits0References1

NVD•added 2025/09/19 2:15 p.m.•12 views

CVE-2025-48007

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

6.4CVSS0.00179EPSS

Exploits0References1

Cvelist•added 2025/09/19 1:10 p.m.•7 views

CVE-2025-57880 Potential XSS in Extension:BlueSpiceWhoIsOnline

5.9CVSS0.00166EPSS

Exploits0References1

Cvelist•added 2025/09/19 1:9 p.m.•7 views

CVE-2025-48007 Potential XSS in Extension:BlueSpiceAvatars

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

5.9CVSS0.00179EPSS

Exploits0References1

Positive Technologies•added 2025/09/19 12:0 a.m.•6 views

PT-2025-38533

Name of the Vulnerable Software and Affected Versions BlueSpice versions 5 through 5.1.1 Description An improper encoding or escaping of output issue exists in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars that allows for Cross-Site Scripting XSS. Recommendations Update BlueSpice to a...

6.4CVSS6AI score0.00179EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by