CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

64 matches found

CVE-2026-35212

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of email-message observable body data. The content of the body field isn't appropriately sanitized when being rendered. Does...

5.3CVSS0.00047EPSS

Exploits0References1

ATTACKERKB•added 3 days ago•5 views

CVE-2026-35212

5.3CVSS5.8AI score0.00047EPSS

Exploits0References2Affected Software1

EUVD•added 3 days ago•5 views

EUVD-2026-34035

5.3CVSS5.8AI score0.00047EPSS

Exploits0References1

CVE•added 3 days ago•12 views

CVE-2026-35212

OpenCTI vulnerability CVE-2026-35212: XSS in rendering of email-message observable body data due to insufficient sanitization in versions prior to 7.260227.0. The body content is rendered without proper sanitization, requiring user interaction and could be triggered by sharing STIX or ingesters, ...

5.3CVSS5.8AI score0.00047EPSS

Exploits0References1

Vulnrichment•added 3 days ago•4 views

CVE-2026-35212 OpenCTI has XSS in the rendering of email-message observable body data

5.3CVSS5.8AI score0.00047EPSS

Exploits0References1

Snyk•added 2026/04/03 6:31 a.m.•0 views

Incorrect Resource Transfer Between Spheres

Overview Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the processing of HTML email content when handling the background attribute of the BODY element. An attacker can cause information disclosure or bypass access controls by sending a speciall...

6.9CVSS5.9AI score0.00015EPSS

Exploits0References2

RedHat Linux•added 2026/03/10 10:38 p.m.•1 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

6CVSS7.3AI score0.00052EPSS

Exploits0References9

RedhatCVE•added 2026/02/04 1:20 p.m.•2 views

CVE-2025-59902

HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email sent by the system...

7.1CVSS5.6AI score0.00023EPSS

Exploits0References1

RedhatCVE•added 2025/11/13 7:11 a.m.•1 views

CVE-2025-63419

Cross Site Scripting XSS vulnerability in CrushFTP 11.3.648. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection...

6.1CVSS5.9AI score0.00025EPSS

Exploits1References1

NVD•added 2025/11/12 5:15 p.m.•1 views

CVE-2025-63419

6.1CVSS0.00025EPSS

Exploits1References2

OSV•added 2025/11/12 5:15 p.m.•1 views

CVE-2025-63419

6.1CVSS5.8AI score0.00025EPSS

Exploits1References2

Vulnrichment•added 2025/11/12 12:0 a.m.•1 views

CVE-2025-63419

5.5AI score0.00025EPSS

Exploits1References2

CVE•added 2025/11/12 12:0 a.m.•4 views

CVE-2025-63419

Summary: CVE-2025-63419 affects CrushFTP 11.3.6_48. The web-based server’s file sharing feature reflects the filename into an emailBody field without sanitization, enabling HTML injection through an XSS vulnerability. Affected: CrushFTP Web-Based Server (CrushFTP 11.3.6_48). Impact/Notes: XSS via...

6.1CVSS5.5AI score0.00025EPSS

Exploits1References2Affected Software1