CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3642 matches found

ATTACKERKB•added 2025/10/17 12:0 a.m.•0 views

CVE-2025-56320

Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting XSS in its chat box component. This allows a remote attacker to execute arbitrary code. NOTE: the Supplier reports that this is "Present only in an obsolete, unsupported version no longer in circulation."...

5.4CVSS6.2AI score0.00394EPSS

Exploits0References4

Cvelist•added 2025/10/17 12:0 a.m.•7 views

CVE-2025-56320

0.00394EPSS

Exploits0References3

Vulnrichment•added 2025/10/17 12:0 a.m.•1 views

CVE-2025-56320

6.2AI score0.00394EPSS

Exploits0References3

CNNVD•added 2025/10/17 12:0 a.m.•2 views

Cobblestone Enterprise Contract Management Software 安全漏洞

Cobblestone Enterprise Contract Management Software is an enterprise contract management software from Cobblestone Corporation, USA. A security vulnerability exists in Cobblestone Enterprise Contract Management Software version 22.4.0, which originates from the presence of stored cross-site...

5.4CVSS6.2AI score0.00394EPSS

Exploits0References4

Snyk•added 2025/10/16 7:51 a.m.•1 views

Malicious Package

Overview item-box is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.8AI score

Exploits0References3

Packet Storm News•added 2025/10/16 12:0 a.m.•30 views

A Hard-Label Black-Box Evasion Attack against ML-Based Malicious Traffic Detection Systems

Machine Learning ML-based malicious traffic detection is a promising security paradigm. It outperforms rule-based traditional detection by identifying various advanced attacks. However, the robustness of these ML models is largely unexplored, thereby allowing attackers to craft adversarial traffi...

6.8AI score

Exploits0

Snyk•added 2025/10/13 9:41 a.m.•3 views

Cross-site Scripting (XSS)

Overview qwc2-lts is a QGIS Web Client Affected versions of this package are vulnerable to Cross-site Scripting XSS via multiple components, including ServiceInfoWindow, SearchBox, LayerInfoWindow, and others. An attacker can execute arbitrary JavaScript code in the context of the user's browser ...

6.9CVSS5.3AI score0.00401EPSS

Exploits0References3