413 matches found
CVE-2025-65540
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious...
CVE-2025-13742
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...
EUVD-2025-199816
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...
PYSEC-2025-154
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...
PT-2025-48262
Name of the Vulnerable Software and Affected Versions: pretix (affected versions not specified). Description: The software allows the use of placeholders in email templates that are populated with customer data, such as the attendee's name. If a customer's name contains HTML or Markdown formatting, th...
Cross-Site Scripting (XSS)
nicegui is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the framework not sanitizing HTML or JavaScript when rendering unescaped user input through ui.html, which allows an attacker to execute arbitrary JavaScript in a user’s browser...
CVE-2025-53354
NiceGUI is a Python-based UI framework. Versions 2.24.2 and below are at risk for Cross-Site Scripting (XSS) when developers render unescaped user input into the DOM using ui.html. NiceGUI did not enforce HTML or JavaScript sanitization, so applications that directly combine components like ui.inpu...
EUVD-2020-0528
Malware in sbrugna...
EUVD-2020-7229
Malware in sbrugna...
EUVD-2025-5079
Malicious code in bioql PyPI...
EUVD-2022-6383
Malicious code in bioql PyPI...
EUVD-2022-6468
Malicious code in bioql PyPI...
EUVD-2023-1481
Malicious code in bioql PyPI...
EUVD-2022-1096
Malicious code in bioql PyPI...
EUVD-2022-4330
Malicious code in bioql PyPI...
EUVD-2023-52362
Malicious code in bioql PyPI...
EUVD-2023-2726
Malicious code in bioql PyPI...
EUVD-2022-52128
Malicious code in bioql PyPI...
EUVD-2022-3617
Malicious code in bioql PyPI...
EUVD-2022-4215
Malicious code in bioql PyPI...