CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

129 matches found

RedhatCVE•added 2025/10/06 5:13 p.m.•2 views

CVE-2025-54286

Cross-Site Request Forgery CSRF in LXD-UI in Canonical LXD versions = 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication...

7.5CVSS6.5AI score0.00024EPSS

Exploits1References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-9467

Malicious code in bioql PyPI...

7.1CVSS7.7AI score0.00219EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-52958

Malicious code in bioql PyPI...

7.1CVSS8.7AI score0.00265EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-12311

Malicious code in bioql PyPI...

6.5CVSS7.2AI score0.00128EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-55569

Malicious code in bioql PyPI...

5.9CVSS6.4AI score0.00058EPSS

Exploits0References1

Positive Technologies•added 2025/10/02 12:0 a.m.•2 views

PT-2025-40326

Name of the Vulnerable Software and Affected Versions Canonical LXD versions 5.0 and later Description A Cross-Site Request Forgery CSRF issue exists in LXD-UI. This allows an attacker to create and start container instances without user consent by submitting crafted HTML forms that exploit clien...

8.8CVSS6.3AI score0.00133EPSS

Exploits7References38

RedhatCVE•added 2025/05/23 8:59 a.m.•3 views

CVE-2024-6412

The HTML Forms WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

6.5CVSS6.7AI score0.00253EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 8:2 a.m.•14 views

CVE-2024-6243

The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disabled...

5.9CVSS5.5AI score0.00161EPSS

Exploits1References1

Veracode•added 2025/05/13 7:44 p.m.•6 views

Cross-site Scripting (XSS)

org.graylog2:graylog2-server is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insecure input handling due to the ability to inject and submit malicious HTML forms via the Event Definition Remediation Step field, which can result in session cookie theft under specific...

8CVSS6.2AI score0.0014EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2025/04/25 11:34 p.m.•8 views

CVE-2025-46236

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Link Software LLC HTML Forms html-forms allows Stored XSS.This issue affects HTML Forms: from n/a through = 1.5.2...

6.5CVSS7.2AI score0.00128EPSS

Exploits0References1

NVD•added 2025/04/22 10:15 a.m.•10 views

CVE-2025-46236

6.5CVSS0.00128EPSS

Exploits0References1

OSV•added 2025/04/22 10:15 a.m.•2 views

CVE-2025-46236

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Link Software LLC HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.5.2...

5.4CVSS5.8AI score0.00128EPSS

Exploits0References1

Vulnrichment•added 2025/04/22 9:53 a.m.•11 views

CVE-2025-46236 WordPress HTML Forms <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability

6.5CVSS6.8AI score0.00128EPSS

Exploits0References1

CVE•added 2025/04/22 9:53 a.m.•59 views

CVE-2025-46236

CVE-2025-46236: WordPress HTML Forms plugin (Link Software LLC) contains a stored XSS due to improper input neutralization during web page generation. Affected versions are 1.5.2 and earlier. Public references (NVD/patch sources) confirm the issue and CVSS vectors/score; however, the connected do...

6.5CVSS7.2AI score0.00128EPSS

Exploits0References1Affected Software1

Cvelist•added 2025/04/22 9:53 a.m.•14 views

CVE-2025-46236 WordPress HTML Forms plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability

6.5CVSS0.00128EPSS

Exploits0References1

CNNVD•added 2025/04/22 12:0 a.m.•2 views

WordPress plugin HTML Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6.5AI score0.00128EPSS

Exploits0References1

Positive Technologies•added 2025/04/22 12:0 a.m.•3 views

PT-2025-17501 · Link Software Llc · Html Forms

Name of the Vulnerable Software and Affected Versions: Link Software LLC HTML Forms versions 1.5.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker...

6.5CVSS6.7AI score0.00128EPSS

Exploits0References6

RedhatCVE•added 2025/04/03 9:36 p.m.•5 views

CVE-2025-31080

7.1CVSS7.2AI score0.00219EPSS

Exploits0References1

NVD•added 2025/04/01 9:15 p.m.•6 views

CVE-2025-31080

7.1CVSS0.00219EPSS

Exploits0References1

Vulnrichment•added 2025/04/01 8:58 p.m.•4 views

CVE-2025-31080 WordPress HTML Forms plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability