
625 matches found

Positive Technologies
added 2026/02/22 12:0 a.m. | 6 views

PT-2026-21402

A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The manipulation of the argument Value leads to cross site scripting. The attack is possible to be...

CVSS 4.8 | AI score 3.8 | EPSS 0.00202
Exploits: 1 | References: 6

Vulnrichment
added 2026/02/16 11:22 p.m. | 2 views

CVE-2025-12062 WP Maps <= 4.8.6 - Authenticated (Subscriber+) Limited Local File Inclusion

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the fcloadtemplate function. This makes it possible for authenticated attackers, with Subscriber-leve...

CVSS 8.8 | AI score 6.5 | EPSS 0.00723
Exploits: 0 | References: 2

Veracode
added 2026/01/15 7:49 a.m. | 9 views

Arbitrary File Upload

@n8n/n8n-nodes-langchain is vulnerable to Arbitrary File Upload. The vulnerability is due to improper validation and handling of uploaded files in the Chat Trigger component, which allows an attacker to upload a crafted HTML file and execute arbitrary code on the affected system...

CVSS 8.8 | AI score 6.1 | EPSS 0.00557
Exploits: 1 | References: 8 | Affected Software: 3

OSV
added 2026/01/13 3:7 p.m. | 7 views

GHSA-3FM2-XFQ7-7778 HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover

Summary: Stored XSS Leading to Account Takeover
Details: The Exploit Chain:
1. Upload: The attacker uploads an .html file containing a JavaScript payload.
2. Execution: A logged-in administrator is tricked into visiting the URL of this uploaded file.
3. Token Refresh: The JavaScript payload makes a...

CVSS 8 | AI score 6.2 | EPSS 0.01036
Exploits: 3 | References: 5

RedhatCVE
added 2026/01/09 9:49 a.m. | 5 views

CVE-2020-24983

An issue was discovered in Quadbase EspressReports ES 7 Update 9. An unauthenticated attacker can create a malicious HTML file that houses a POST request made to the DashboardBuilder within the target web application. This request will utilise the target admin session and perform the authenticate...

CVSS 8.8 | AI score 6.8 | EPSS 0.00639
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:34 a.m. | 6 views

CVE-2024-41597

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality...

CVSS 4.2 | AI score 7.6 | EPSS 0.00241
Exploits: 1 | References: 1

EUVD
added 2025/12/16 5:3 p.m. | 4 views

EUVD-2023-60189

WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image requests...

CVSS 7.1 | AI score 5.8 | EPSS 0.00226
Exploits: 1 | References: 4

Positive Technologies
added 2025/11/13 12:0 a.m. | 10 views

PT-2025-46774

Name of the Vulnerable Software and Affected Versions: PrivateBin versions 1.7.7 through 2.0.2
Description: PrivateBin is an online pastebin system designed with zero knowledge of pasted data. Versions from 1.7.7 up to 2.0.2 are susceptible to a self-cross-site scripting issue. Dragging a file with...

CVSS 3.9 | AI score 6 | EPSS 0.00107
Exploits: 1 | References: 11

Vulnrichment
added 2025/10/31 6:31 p.m. | 3 views

CVE-2025-62618 ELOG file upload stored XSS

ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target's credentials and replay them or...

CVSS 8.6 | AI score 6.5 | EPSS 0.00259
Exploits: 0 | References: 5

RedhatCVE
added 2025/10/17 6:44 p.m. | 11 views

CVE-2025-62415

Bagisto is an open source Laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...

CVSS 6.9 | AI score 6.9 | EPSS 0.00255
Exploits: 1 | References: 1

OSV
added 2025/10/16 6:36 p.m. | 5 views

CVE-2025-62415 bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (HTML)

Bagisto is an open source Laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...

CVSS 6.9 | AI score 7 | EPSS 0.00255
Exploits: 1 | References: 3

Github Security Blog
added 2025/10/16 6:12 p.m. | 7 views

bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML)

Summary: In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user’s browser.
Details: The application...

CVSS 6.9 | AI score 7 | EPSS 0.00255
Exploits: 1 | References: 4 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2005-2057

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00905
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2006-4564

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.01299
Exploits: 1 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2017-2751

Malware in sbrugna...

CVSS 5.5 | AI score 5.3 | EPSS 0.00892
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-7737

Malware in sbrugna...

CVSS 6.5 | AI score 6.6 | EPSS 0.01212
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2012-3332

Malware in sbrugna...

CVSS 3.6 | AI score 6.1 | EPSS 0.00559
Exploits: 0 | References: 12

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-3175

Malware in sbrugna...

CVSS 5.4 | AI score 5.5 | EPSS 0.01388
Exploits: 1 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2020-6323

Malware in sbrugna...

CVSS 4.8 | AI score 4.9 | EPSS 0.0194
Exploits: 3 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2007-5826

Malware in sbrugna...

CVSS 9.4 | AI score 6.3 | EPSS 0.02409
Exploits: 1 | References: 9