CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2025/10/27 9:19 p.m.•4 views

CVE-2025-62779 Frappe Learning users were able to add HTML through input fields in the Job Form

Frappe Learning is a learning system that helps users structure their content. In Frappe Learning 2.39.1 and earlier, users were able to add HTML through input fields in the Job Form...

5.1CVSS6.3AI score0.00168EPSS

Cvelist•added 2025/10/27 9:19 p.m.•7 views

CVE-2025-62779 Frappe Learning users were able to add HTML through input fields in the Job Form

Frappe Learning is a learning system that helps users structure their content. In Frappe Learning 2.39.1 and earlier, users were able to add HTML through input fields in the Job Form...

5.1CVSS0.00168EPSS

OSV•added 2025/10/27 3:15 p.m.•2 views

CVE-2025-36121

IBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A remotely authenticated attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS5.8AI score0.00162EPSS

NVD•added 2025/10/27 3:15 p.m.•4 views

CVE-2025-36121

5.4CVSS0.00162EPSS

CVE•added 2025/10/27 2:56 p.m.•8 views

CVE-2025-36121

IBM OpenPages 9.0 and 9.1 are affected by an HTML injection (XSS) vulnerability in a specific URL endpoint. A remotely authenticated attacker could inject malicious HTML that executes in the victim’s browser within the hosting site's security context. CVSS v3.1 base score is 5.4 (medium) with net...

5.4CVSS6.1AI score0.00162EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/10/27 2:56 p.m.•5 views

CVE-2025-36121 HTML Injection Vulnerability in a Specific URL Endpoint of the IBM OpenPages Application

5.4CVSS6.1AI score0.00162EPSS

Cvelist•added 2025/10/27 2:56 p.m.•12 views

CVE-2025-36121 HTML Injection Vulnerability in a Specific URL Endpoint of the IBM OpenPages Application

5.4CVSS0.00162EPSS

RedhatCVE•added 2025/10/23 2:15 p.m.•3 views

CVE-2025-8848

A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...

5.4CVSS6.1AI score0.00423EPSS

OSV•added 2025/10/23 10:15 a.m.•6 views

CVE-2025-9981

QuickCMS is vulnerable to multiple Stored XSS in slider editor functionality sliders-form. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript into the website. T...

4.8CVSS5.8AI score0.00176EPSS

CVE•added 2025/10/23 9:37 a.m.•11 views

CVE-2025-9981

CVE-2025-9981 refers to QuickCMS with Stored XSS in the slider editor (sliders-form). The Red Hat and NVD/CIRCL entries confirm this vulnerability affects QuickCMS 6.8 as tested; other versions are not verified and may also be affected. By design, an admin can inject arbitrary HTML/JS, which is r...

4.8CVSS6AI score0.00176EPSS

Exploits0References2Affected Software1

CNNVD•added 2025/10/23 12:0 a.m.•4 views

Open Solution QuickCMS 跨站脚本漏洞

Open Solution QuickCMS is an Open Solution open source content management system. A cross-site scripting vulnerability exists in Open Solution QuickCMS version 6.8, which stems from multiple stored cross-site scripting vulnerabilities in the slider editor feature, which could lead to the injectio...

4.8CVSS6.3AI score0.00176EPSS

FreeBSD•added 2025/10/23 12:0 a.m.•5 views

privatebin - Missing HTML sanitisation of attached filename in file size hint enabling persistent XSS

PrivateBin reports: We've identified an HTML injection/XSS vulnerability in the PrivateBin service that allows the injection of arbitrary HTML markup via the attached filename...

5.8CVSS7.3AI score0.00277EPSS

OSV•added 2025/10/22 7:38 p.m.•0 views

GHSA-45P5-V273-3QQR Vert.x-Web vulnerable to Stored Cross-site Scripting in directory listings via file names

Description - In the StaticHandlerImplsendDirectoryListing... method under the text/html branch, file and directory names are directly embedded into the href, title, and link text without proper HTML escaping. - As a result, in environments where an attacker can control file names, injecting...

4.9CVSS7.1AI score0.00265EPSS

Exploits1References4

EUVD•added 2025/10/22 3:31 p.m.•4 views

EUVD-2025-35577

4.8CVSS5.6AI score0.00423EPSS

Exploits1References2

OSV•added 2025/10/22 2:15 p.m.•3 views

CVE-2025-8848

5.4CVSS6.2AI score0.00423EPSS

NVD•added 2025/10/22 2:15 p.m.•3 views

CVE-2025-8848

5.4CVSS0.00423EPSS

CVE•added 2025/10/22 1:54 p.m.•18 views

CVE-2025-8848

LibreChat (danny-avila/librechat) v0.7.9 contains a vulnerability where the Accept-Language header is not properly sanitized, allowing a logged-in attacker to inject arbitrary HTML into the html lang tag, effectively a stored XSS risk as described by multiple sources (NVD, Nuclei template, OSV, R...

5.4CVSS4.9AI score0.00423EPSS

Exploits1References1Affected Software1

Cvelist•added 2025/10/22 1:54 p.m.•9 views

CVE-2025-8848 HTML Injection in Accept-Language Header in danny-avila/librechat

4.8CVSS0.00423EPSS

Vulnrichment•added 2025/10/22 1:54 p.m.•4 views

CVE-2025-8848 HTML Injection in Accept-Language Header in danny-avila/librechat

4.8CVSS5.7AI score0.00423EPSS