CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16 matches found

OSV•added 2026/05/14 8:18 p.m.•1 views

GHSA-HCWP-82G6-8WXC Open WebUI has stored XSS via unsanitized Office/Excel/DOCX file preview rendering ({@html} without DOMPurify)

Related advisory This advisory tracks a regression of the original Excel-preview XSS that was publicly disclosed and patched under GHSA-jwf8-pv5p-vhmc patched in v0.8.0. The same root cause — XLSX.utils.sheettohtml output rendered via @html excelHtml without DOMPurify — was reintroduced sometime...

5.4CVSS5.8AI score0.00012EPSS

Exploits1References5

RedhatCVE•added 2025/12/13 12:16 a.m.•1 views

CVE-2025-64011

Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference IDOR in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter. This allows unauthorized disclosure of sensitive data, such...

4.3CVSS6.7AI score0.00037EPSS

Exploits1References1

EUVD•added 2025/12/12 6:30 p.m.•3 views

EUVD-2025-203106

4.3CVSS6.2AI score0.00037EPSS

Exploits1References4

CVE•added 2025/12/12 12:0 a.m.•6 views

CVE-2025-64011

Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. An authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter, enabling unauthorized disclosure of sensitive data (text, ...

4.3CVSS6.3AI score0.00037EPSS

Exploits1References3Affected Software1

Cvelist•added 2025/12/12 12:0 a.m.•23 views

CVE-2025-64011

0.00037EPSS

Exploits1References3

Vulnrichment•added 2025/12/12 12:0 a.m.•1 views

CVE-2025-64011

6.3AI score0.00037EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-8303

Malware in sbrugna...

5.3CVSS5.4AI score0.00243EPSS

Exploits1References3

OSV•added 2025/07/07 3:15 a.m.•1 views

CVE-2025-53176

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function...

3.3CVSS5.8AI score

Exploits0References1

CNNVD•added 2025/07/07 12:0 a.m.•1 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS versions 5.0.1 and 5.1.0, which stems from a stack overflow risk when parsing vector images, and can be...

5.3CVSS7AI score0.00166EPSS

Exploits0References1

CNNVD•added 2025/07/07 12:0 a.m.•1 views

Huawei HarmonyOS 安全漏洞

4CVSS7AI score0.00043EPSS

Exploits0References1

CNNVD•added 2025/07/07 12:0 a.m.•2 views

Huawei HarmonyOS 安全漏洞

4CVSS7AI score0.00043EPSS

Exploits0References1

OSV•added 2024/05/24 11:8 a.m.•1 views

OESA-2024-1632 nautilus security update

It's easier to manage your files for the GNOME desktop. Ability to browse directories on local and remote systems. preview folders and launch related programs. It is also handle icons on the GNOME desktop. Security Fixes: GNOME Nautilus 42.2 allows a NULL pointer dereference and getbasename...

5.5CVSS6.8AI score0.00039EPSS

Exploits1References2

Positive Technologies•added 2022/05/17 12:0 a.m.•1 views

PT-2022-20005

Name of the Vulnerable Software and Affected Versions Jirafeau versions prior to 4.4.0 Description The file preview functionality in Jirafeau, which is enabled by default, could be exploited for cross-site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone...

6.1CVSS6AI score0.00152EPSS

Exploits0References11

Microsoft KB•added 2019/08/08 12:0 a.m.•3 views

August 6, 2019, update for Excel 2016 (KB4475550)

August 6, 2019, update for Excel 2016 KB4475550 This article describes update 4475550 for Microsoft Excel 2016 that was released on August 6, 2019.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to th...

6.4AI score

Exploits0