CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching...

5.8CVSS7.8AI score0.00617EPSS

Exploits0References2

Tenable Nessus•added 2025/09/03 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2010-3813

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6...

5.8CVSS5.7AI score0.00807EPSS

Exploits0References2

RedhatCVE•added 2025/05/21 8:28 p.m.•6 views

CVE-2002-1960

Cross-site scripting XSS vulnerability in Cybozu Share360 1.1 allows remote attackers to inject arbitrary web script or HTML via an HTML link...

4.3CVSS5.9AI score0.00409EPSS

Exploits0References1

OSV•added 2025/02/03 3:39 p.m.•7 views

GHSA-R57H-547H-W24F PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol and special characters

Product: PhpSpreadsheet Version: 3.8.0 CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' CVSS vector v.3.1: 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS vector v.4.0: 4.8 AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N Description: an attack...

5.4CVSS5.7AI score0.00113EPSS

Exploits0References4

Github Security Blog•added 2025/01/03 5:29 p.m.•16 views

PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and special characters

Bypass XSS sanitizer using the javascript protocol and special characters Product: Phpspreadsheet Version: version 3.6.0 CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' CVSS vector v.3.1: 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS vector v.4.0:...

5.4CVSS6.3AI score0.0031EPSS

Exploits1References4Affected Software2

OSV•added 2025/01/03 5:29 p.m.•11 views

GHSA-Q9JV-MM3R-J47R PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and special characters

5.4CVSS5.9AI score0.0031EPSS

Exploits1References4

SUSE CVE•added 2023/02/15 5:56 a.m.•2 views

SUSE CVE-2010-3813

The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS...

5.8CVSS6.6AI score0.00807EPSS

Exploits0References4

ATTACKERKB•added 2021/01/15 12:0 a.m.•234 views

Windows 10 NTFS $i30 File Corruption

Windows 10 v1803 and later are vulnerable to NTFS file corruption when accessing a specially designed path containing the $i30 string, more specifically known as the Windows NTFS Index Attribute string as described at . Attackers can remotely exploit this vulnerability to make Windows think a dri...

6.6AI score

Exploits0References2

Hacker One•added 2019/03/05 12:33 a.m.•36 views

OLX: XSS inside HTML Link Tag

Hello, i discovered XSS in sharjah.dubizzle.com. XSS is reflected inside HTML Link tag so it need some condition to trigger the payload. Step to Reproduce - Visit https://sharjah.dubizzle.com/property-for-sale/land" accesskey="X" onclick=alert1337...

0.1AI score

Exploits0

NVD•added 2017/04/25 4:59 p.m.•12 views

CVE-2016-8030

A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer tab via a crafted HTML link...

4.3CVSS4.7AI score0.0036EPSS

Exploits0References2

Prion•added 2017/04/25 4:59 p.m.•13 views

Memory corruption

4.3CVSS7.1AI score0.0036EPSS

Exploits0References2Affected Software1

seebug.org•added 2014/07/01 12:0 a.m.•10 views

Microsoft Office XP 2000/2002 HTML Link Processing Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12480/info A remote buffer overflow vulnerability affects Microsoft Office XP. The problem presents itself when an unsuspecting user follows a malicious HTML link that points to a Office document. A boundary condition err...

7.1AI score

Exploits0

Check Point Advisories•added 2014/03/31 12:0 a.m.•2 views

Microsoft Windows Mail HTML Link Program Execution - Ver2 (CVE-2007-1658)

A command and program execution vulnerability has been reported in Microsoft Windows Vista. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands and programs on the affected system...

7.1AI score0.76646EPSS

Exploits1

NVD•added 2007/04/02 10:19 p.m.•14 views

CVE-2007-1795

JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary PHP code via the email address field in an HTML link. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

10CVSS7.2AI score0.0362EPSS

Exploits0References3