CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

209 matches found

CNNVD•added 2026/02/10 12:0 a.m.•6 views

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from issues wit...

7.1CVSS5.8AI score0.00199EPSS

Exploits0References3

ATTACKERKB•added 2026/02/09 3:6 a.m.•5 views

CVE-2025-66606

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...

2.1CVSS5.3AI score0.00217EPSS

Exploits0References2

Positive Technologies•added 2026/02/02 12:0 a.m.•10 views

PT-2026-5714

Name of the Vulnerable Software and Affected Versions FacturaScripts versions 2025.71 and earlier Description FacturaScripts software contains a Stored Cross-Site Scripting XSS flaw within the Observations field in the History view. The application fails to properly encode HTML entities when...

8CVSS5.8AI score0.00385EPSS

Exploits1References8

Tenable Nessus•added 2026/01/20 12:0 a.m.•5 views

MiracleLinux 8 : go-toolset:rhel8 (AXSA:2022-3736:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3736:01 advisory. golang: compress/gzip: stack exhaustion in Reader.Read CVE-2022-30631 golang: net/http: improper sanitization of Transfer-Encoding header...

7.5CVSS7.1AI score0.01875EPSS

Exploits3References10

Positive Technologies•added 2026/01/16 12:0 a.m.•5 views

PT-2026-3251

Name of the Vulnerable Software and Affected Versions ConnectWise PSA versions prior to 2026.1 Description ConnectWise PSA versions older than 2026.1 may allow stored script code to execute in a user’s browser. This occurs because Time Entry notes stored in the Time Entry Audit Trail are rendered...

8.7CVSS5.7AI score0.00251EPSS

Exploits0References12

RedhatCVE•added 2026/01/07 9:32 a.m.•9 views

CVE-2019-16523

The events-manager plugin through 5.9.5 for WordPress aka Events Manager is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute mapstyle of shortcodes locationsmap and eventsmap provided by the plugin...

5.4CVSS6AI score0.01072EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:31 a.m.•6 views

CVE-2019-16524

The easy-fancybox plugin before 1.8.18 for WordPress aka Easy FancyBox is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter...

4.8CVSS5.9AI score0.01024EPSS

Exploits1References1

Tenable Nessus•added 2025/12/11 12:0 a.m.•3 views

Qnap QTS and QuTS hero Improper Handling of URL Encoding (CVE-2024-48866)

An improper handling of URL encoding Hex Encoding vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following...

5.3CVSS5.5AI score0.00423EPSS

Exploits0References2

Tenable Nessus•added 2025/10/23 12:0 a.m.•3 views

SUSE SLED15: libQt5Bootstrap-devel-static / libQt5Bootstrap-devel-static-32bit / etc (SUSE-SU-2025:3723-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3723-1 advisory. Security issues fixed: - CVE-2025-5455: processing of malformed data in qDecodeDataUrl can trigg...

8.4CVSS7.4AI score0.00343EPSS

Exploits0References7