CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

359 matches found

Positive Technologies•added 2026/05/19 12:0 a.m.•4 views

PT-2026-42022

Name of the Vulnerable Software and Affected Versions Template::Plugin::HTML versions prior to 3.103 Description Template::Plugin::HTML for Perl allows the injection of HTML and JavaScript. The html filter function fails to escape single quotes, which enables code injection within HTML attributes...

6.1CVSS6.1AI score0.0001EPSS

Exploits0References16

RedhatCVE•added 2026/01/09 12:30 p.m.•2 views

CVE-2023-40819

ID4Portais in version V.2022.837.002a returns message parameter unsanitized in the response, resulting in a HTML Injection vulnerability...

6.1CVSS7.1AI score0.00257EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:54 a.m.•4 views

CVE-2020-23050

TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to execute phishing attacks, external redirects, and arbitrary code...

8CVSS7.8AI score0.00396EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:32 a.m.•5 views

CVE-2019-16268

Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen...

4.8CVSS7.2AI score0.12442EPSS

Exploits1References1

CNNVD•added 2025/12/11 12:0 a.m.•1 views

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE）安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition EE and GitLab Community...

7.7CVSS7.6AI score0.00009EPSS

Exploits0References4

RedhatCVE•added 2025/11/12 1:6 p.m.•2 views

CVE-2025-41105

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/tickets/save'...

5.4CVSS7.3AI score0.00023EPSS

Exploits0References1