CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

88 matches found

RedhatCVE•added 2026/01/09 9:15 a.m.•4 views

CVE-2022-23620

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandlerprocessSx does not escape anything from SSX document references when serializing it on filesystem, it is possible to for the HTML...

6.8CVSS6.7AI score0.00307EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2014-3881

Malware in sbrugna...

4.3CVSS6.4AI score0.00285EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-0891

Malicious code in bioql PyPI...

6.8CVSS5.9AI score0.00307EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-18116

Malicious code in bioql PyPI...

6.6AI score

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-0206

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.6294EPSS

Exploits1References6

OSV•added 2025/06/11 2:46 p.m.•1 views

GHSA-V33J-V3X4-42QG Regex literal in Hurl files are not escaped when exported to HTML, allowing injections

Given this Hurl file: regex.hurl: GET https://foo.com HTTP 200 Asserts jsonpath "$.body" matches // When exported to HTML: $ hurlfmt --out html regex.hurl GET https://foo.com HTTP 200 Asserts jsonpath "$.body" matches // The regex literal // is not escaped: // When opened in a browser, the code i...

7.2AI score

Exploits0References4

RedhatCVE•added 2025/05/23 5:53 a.m.•2 views

CVE-2023-22127

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK. The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network...

6.3CVSS5.6AI score0.00093EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 3:36 a.m.•5 views

CVE-2023-28458

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Organizers can trigger the overwriting with the standard pretalx 404 page content of an arbitrary file...

4.3CVSS6.8AI score0.76795EPSS

Exploits3References1

RedhatCVE•added 2025/05/23 3:36 a.m.•1 views

CVE-2023-28459

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Users were able to upload crafted HTML documents that trigger the reading of arbitrary files...

6.5CVSS6.8AI score0.6294EPSS

Exploits1References1

OSV•added 2024/01/16 10:15 p.m.•1 views

CVE-2024-20930

6.3CVSS6.9AI score0.00221EPSS

Exploits0References1

NVD•added 2024/01/16 10:15 p.m.•14 views

CVE-2024-20930

6.3CVSS5.8AI score0.00221EPSS

Exploits0References1

CVE•added 2024/01/16 9:41 p.m.•37 views

CVE-2024-20930

Oracle Outside In Technology in Oracle Fusion Middleware (Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK) is affected in version 8.5.6. The vulnerability is remotely exploitable over HTTP by a low-privileged attacker, enabling unauthorized update, insert/delete, and read ac...

6.3CVSS5.9AI score0.00221EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2024/01/16 12:0 a.m.•1 views

PT-2024-1221 · Oracle · Oracle Outside In Technology

Name of the Vulnerable Software and Affected Versions: Oracle Outside In Technology versions 8.5.6 Description: The issue exists due to insufficient input validation in the Content Access SDK, Image Export SDK, PDF Export SDK, and HTML Export SDK components of Oracle Outside In Technology. This...

6.5CVSS6.1AI score0.00221EPSS

Exploits0References8

OSV•added 2023/10/17 10:15 p.m.•1 views

CVE-2023-22127

6.3CVSS5.8AI score

Exploits0References1

CVE•added 2023/10/17 9:3 p.m.•46 views

CVE-2023-22127

CVE-2023-22127 affects Oracle Outside In Technology (Content Access SDK, Image Export SDK, PDF Export SDK, and HTML Export SDK) in Oracle Fusion Middleware, specifically version 8.5.6. The vulnerability allows a low-privileged, network-accessible attacker over HTTP to read data, perform unauthori...

6.3CVSS5.9AI score0.00093EPSS

Exploits0References1Affected Software1

Veracode•added 2023/04/27 2:30 p.m.•16 views

Path Traversal

pretalx is vulnerable to Path Traversal. The vulnerability exists in the HTML export feature in exportschedulehtml.py which allows an attacker to overwrite arbitrary files...

4.3CVSS5.1AI score0.76795EPSS

Exploits3References6Affected Software1

OSV•added 2023/04/20 9:33 p.m.•11 views

GHSA-WH3W-JCC7-MHMF pretalx vulnerable to path traversal in HTML export

pretalx before 2.3.2 allows path traversal in HTML export a non-default feature. Users were able to upload crafted HTML documents that trigger the reading of arbitrary files...

7.1CVSS6.4AI score0.6294EPSS

Exploits1References7

OSV•added 2023/04/20 9:33 p.m.•15 views

GHSA-23FX-92M6-4F2G pretalx allows path traversal in HTML export

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Organizers can trigger the overwriting with the standard pretalx 404 page content of an arbitrary file...

5.3CVSS4.5AI score0.76795EPSS

Exploits3References7

Github Security Blog•added 2023/04/20 9:33 p.m.•15 views

pretalx vulnerable to path traversal in HTML export

pretalx before 2.3.2 allows path traversal in HTML export a non-default feature. Users were able to upload crafted HTML documents that trigger the reading of arbitrary files...

6.5CVSS6.4AI score0.6294EPSS

Exploits1References7Affected Software1

Github Security Blog•added 2023/04/20 9:33 p.m.•21 views

pretalx allows path traversal in HTML export

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Organizers can trigger the overwriting with the standard pretalx 404 page content of an arbitrary file...

4.3CVSS6.2AI score0.76795EPSS

Exploits3References7Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by