15781 matches found
Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
Summary: An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Projects are affected if the Mailgen.generatePlaintextemail method is used and passed in user-generated content. The issue was discovered and reported by Edoardo Ottavianelli @edoardottt. Details...
CVE-2025-62380 Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.31 contain an HTML injection vulnerability in plaintext emails generated with the generatePlaintext method when user generated content is supplied. The plaintext...
CVE-2025-60374
Stored Cross-Site Scripting (XSS) in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...
GHSA-XW6R-CHMH-VPMJ Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
Summary: An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintextemail method and pass in user-generated content. The issue was discovered and reported by Edoardo Ottavianelli @edoardottt. Detail...
EUVD-2025-34231
Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails...
Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name
Summary: An authenticated party can add a malicious name to the Energy entity, allowing for Cross-Site Scripting attacks against anyone who can see the Energy dashboard, when they hover over any information point (the blue bar in the picture below). An alternative, and more impactful scenario, is tha...
CVE-2025-62366
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...
CVE-2025-62366 Mailgen vulnerable to HTML injection and cross-site scripting via plaintext email generation
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...
CVE-2025-62366
Summary: CVE-2025-62366 affects the Node.js package Mailgen. The vulnerability lies in generatePlaintext in versions up to 2.0.30, where encoded HTML entities are not stripped and are later decoded, producing active HTML in plaintext output. If that plaintext is rendered as HTML, attacker-control...
Centreon Security Vulnerability
Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. Centreon has a security vulnerability that can be exploited by attackers to execute arbitrary Web scrip...
CVE-2025-31992
HCL Unica MaxAI Assistant is susceptible to an HTML injection vulnerability. An attacker could insert special characters that are processed client-side in the context of the user's session...
CVE-2025-60378
Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business emai...
CVE-2025-31992
CVE-2025-31992 affects HCL Unica MaxAI Assistant. The issue is an HTML injection vulnerability where an attacker could insert special characters that are processed client-side within the user’s session. The CVSSv3.1 metrics in the initial data indicate: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N, base sc...
CVE-2025-31992 HCL MaxAI Assistant is susceptible to an HTML injection vulnerability
HCL Unica MaxAI Assistant is susceptible to an HTML injection vulnerability. An attacker could insert special characters that are processed client-side in the context of the user's session...