CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

79 matches found

RedhatCVE•added 2026/05/26 8:13 p.m.•8 views

CVE-2026-40597

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.28.1 and below, given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy's script-src directive by uploading a crafted attachment to any issue that, when accessed via th...

7.6CVSS5.8AI score0.00071EPSS

Exploits0References1

EUVD•added 2026/05/22 7:29 p.m.•11 views

EUVD-2026-31496

7.6CVSS5.7AI score0.00071EPSS

Exploits0References3

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в thunderbird

By creating a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the...

6.3CVSS6.4AI score0.00099EPSS

Exploits0References2

SUSE CVE•added 2026/04/22 1:37 a.m.•3 views

SUSE CVE-2026-39377

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The...

6.5CVSS5.9AI score0.00048EPSS

Exploits0References3

ATTACKERKB•added 2026/04/21 12:14 a.m.•2 views

CVE-2026-39377

6.5CVSS5.9AI score0.00048EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/01/10 1:6 a.m.•25 views

CVE-2026-22600 OpenProject is Vulnerable to Arbitrary File Read via ImageMagick SVG Coder

OpenProject is an open-source, web-based project management software. A Local File Read LFR vulnerability exists in the work package PDF export functionality of OpenProject prior to version 16.6.4. By uploading a specially crafted SVG file disguised as a PNG as a work package attachment, an...

9.1CVSS0.00016EPSS

Exploits0References2

Nextcloud•added 2025/12/05 7:57 a.m.•11 views

Calendar attachments of local files are offered to downloaded

None...

5.7CVSS5.2AI score0.00024EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2025/12/05 12:0 a.m.•3 views

PT-2025-49290

Name of the Vulnerable Software and Affected Versions Nextcloud Calendar versions prior to 4.7.17 Nextcloud Calendar versions prior to 5.2.4 Description A malicious user could create a calendar event with a specially crafted attachment that links to a file on the same Nextcloud server. This actio...

5.7CVSS6.3AI score0.00024EPSS

Exploits0References12

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2016-2560

Malware in sbrugna...

7.5CVSS7.5AI score0.00771EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2009-5085

Malware in sbrugna...

4.3CVSS6.4AI score0.00408EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2016-6768

Malware in sbrugna...

6.1CVSS6.3AI score0.01221EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2015-0923

Malware in sbrugna...

4.3CVSS6.4AI score0.00322EPSS

Exploits0References4

Tenable Nessus•added 2025/08/24 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2016-5833

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in the columntitle function in wp-admin/includes/class-wp-media- list-table.php in WordPress before 4.5.3 allows remote...

6.1CVSS6.6AI score0.01221EPSS

Exploits0References2

Tenable Nessus•added 2025/08/24 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2016-9139

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote...

6.1CVSS6.2AI score0.00233EPSS

Exploits0References2

RedhatCVE•added 2025/05/21 9:43 p.m.•5 views

CVE-2009-5130

The Rules Service in Websense Email Security before 7.1 allows remote attackers to cause a denial of service service crash via an attachment with a crafted size...

4.3CVSS6.9AI score0.00408EPSS

Exploits0References1

RedHat Linux•added 2025/05/13 4:5 p.m.•4 views

thunderbird: Information Disclosure of /tmp directory listing

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edit...

6.3CVSS6.4AI score0.00099EPSS

Exploits0References7

RedHat Linux•added 2025/05/07 12:59 p.m.•3 views

thunderbird: Information Disclosure of /tmp directory listing

6.3CVSS6.4AI score0.00099EPSS

Exploits0References7

RedHat Linux•added 2025/05/07 5:58 a.m.•3 views

thunderbird: Information Disclosure of /tmp directory listing

6.3CVSS6.4AI score0.00099EPSS

Exploits0References7

RedHat Linux•added 2025/05/06 7:58 a.m.•4 views

thunderbird: Leak of hashed Window credentials via crafted attachment URL

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to...

6.3CVSS6.6AI score0.001EPSS

Exploits0References7

RedHat Linux•added 2025/05/06 7:51 a.m.•4 views

thunderbird: Information Disclosure of /tmp directory listing

6.3CVSS6.4AI score0.00099EPSS

Exploits0References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by