5124 matches found

Positive Technologies
added 2025/12/16 12:00 a.m.

PT-2025-51766

Name of the Vulnerable Software and Affected Versions: Ctera Portal versions 8.1.x (8.1.1417.24). Description: A Server-Side Request Forgery (SSRF) issue exists in Ctera Portal. This allows remote attackers to make arbitrary HTTP requests by providing a crafted HTML file containing an iframe. The...

CVSS 7.5, AI score 6.7, EPSS 0.003
Exploits 0, References 6
Vulnrichment
added 2025/12/16 12:00 a.m.

CVE-2025-52196

Server-Side Request Forgery (SSRF) vulnerability in Ctera Portal 8.1.x (8.1.1417.24) allows remote attackers to induce the server to make arbitrary HTTP requests via a crafted HTML file containing an iframe...

AI score 6.5, EPSS 0.003
Exploits 0, References 2
CNNVD
added 2025/12/16 12:00 a.m.

Rukovoditel security vulnerability

Rukovoditel is a web-based open source project management software from the Rukovoditel team. The software features project management, customer relationship management, and more. A security vulnerability exists in Rukovoditel version 3.4.1, which stems from a stored cross-site scripting...

CVSS 5.4, AI score 5.8, EPSS 0.00205
Exploits 1, References 3
CVE
added 2025/12/16 12:00 a.m.

CVE-2025-52196

CVE-2025-52196 affects Ctera Portal 8.1.x (8.1.1417.24). It is a Server-Side Request Forgery (SSRF) where a crafted HTML file containing an iframe can cause the server to perform arbitrary HTTP requests. Root cause: improper handling of HTML iframe content in uploads. Impact per disclosures: pote...

CVSS 7.5, AI score 6.5, EPSS 0.003
Exploits 0, References 2, Affected Software 1
NVD
added 2025/12/15 7:15 a.m.

CVE-2025-14021

The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content...

CVSS 4.3, EPSS 0.00177
Exploits 0, References 1
OSV
added 2025/12/15 7:15 a.m.

CVE-2025-14021

The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content...

CVSS 4.3, AI score 5.9, EPSS 0.00177
Exploits 0, References 1
EUVD
added 2025/12/15 6:41 a.m.

EUVD-2025-203345

The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content...

CVSS 4.3, AI score 6.4, EPSS 0.00177
Exploits 0, References 2
Cvelist
added 2025/12/15 6:41 a.m.

CVE-2025-14021

The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content...

CVSS 4.3, EPSS 0.00177
Exploits 0, References 1
Vulnrichment
added 2025/12/15 6:41 a.m.

CVE-2025-14021

The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content...

CVSS 4.3, AI score 6.5, EPSS 0.00177
Exploits 0, References 1
Veracode
added 2025/12/13 4:26 a.m.

Cross-site Scripting (XSS)

com.liferay.portal, release.portal.bom is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the absence of the sandbox attribute in elements within the Blogs widget, which allows attackers to inject malicious scripts via crafted content and gain access to the parent page through...

CVSS 5.4, AI score 5.2, EPSS 0.00201
Exploits 0, References 3, Affected Software 2
RedhatCVE
added 2025/12/10 6:13 p.m.

CVE-2025-34407

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the theme parameter of /Mondo/lang/sys/Forms/Statistics.aspx. The theme value is insufficiently sanitized when processed via a GET request and is reflected in the response, allowing an attacker to bre...

CVSS 6.1, AI score 5.8, EPSS 0.00402
Exploits 0, References 1
Malwarebytes
added 2025/12/10 12:41 p.m.

GhostFrame phishing kit fuels widespread attacks against millions

GhostFrame is a new phishing-as-a-service (PhaaS) kit, tracked since September 2025, that has already powered more than a million phishing attacks. Threat analysts spotted a series of phishing attacks featuring tools and techniques they hadn't seen before. A few months later, they had linked over a...

AI score 6.5
Exploits 0
EUVD
added 2025/12/09 6:30 p.m.

EUVD-2025-202197

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the theme parameter of /Mondo/lang/sys/Forms/Statistics.aspx. The theme value is insufficiently sanitized when processed via a GET request and is reflected in the response, allowing an attacker to bre...

CVSS 6.1, AI score 5.3, EPSS 0.00402
Exploits 0, References 4
NVD
added 2025/12/09 6:15 p.m.

CVE-2025-34407

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the theme parameter of /Mondo/lang/sys/Forms/Statistics.aspx. The theme value is insufficiently sanitized when processed via a GET request and is reflected in the response, allowing an attacker to bre...

CVSS 6.1, EPSS 0.00402
Exploits 0, References 3
Cvelist
added 2025/12/09 6:07 p.m.

CVE-2025-34407 MailEnable < 10.54 Reflected XSS in theme Parameter of Statistics.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the theme parameter of /Mondo/lang/sys/Forms/Statistics.aspx. The theme value is insufficiently sanitized when processed via a GET request and is reflected in the response, allowing an attacker to bre...

CVSS 5.3, EPSS 0.00402
Exploits 0, References 3
Vulnrichment
added 2025/12/09 6:07 p.m.

CVE-2025-34407 MailEnable < 10.54 Reflected XSS in theme Parameter of Statistics.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the theme parameter of /Mondo/lang/sys/Forms/Statistics.aspx. The theme value is insufficiently sanitized when processed via a GET request and is reflected in the response, allowing an attacker to bre...

CVSS 5.3, AI score 5.4, EPSS 0.00402
Exploits 0, References 3
Positive Technologies
added 2025/12/09 12:00 a.m.

PT-2025-50145

Name of the Vulnerable Software and Affected Versions: MailEnable versions prior to 10.54. Description: MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) issue in the theme parameter of the '/Mondo/lang/sys/Forms/Statistics.aspx' endpoint. The theme value is not...

CVSS 6.1, AI score 5.6, EPSS 0.00402
Exploits 0, References 5
The Hacker News
added 2025/12/08 5:37 p.m.

Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT

Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a distribution vector for a remote access trojan named NetSupport RAT. The attack chain, analyzed by Securonix, involves three main moving parts: An...

AI score 6.8
Exploits 0
EUVD
added 2025/11/27 6:30 p.m.

EUVD-2025-199832

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if t...

CVSS 6.2, AI score 5.3, EPSS 0.00033
Exploits 0, References 3
OSV
added 2025/11/27 6:30 p.m.

GHSA-5P82-2Q3R-WJ3M ThingsBoard allows an authenticated user to upload malicious SVG images

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if t...

CVSS 6.2, AI score 5.7, EPSS 0.00033
Exploits 0, References 4