thunderbird security update
An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Mozilla Thunderbird is a standalone mail and newsgroup client. Security...
CVE-2025-40686
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'employeeid' parameter in /detailview.php...
CVE-2025-40683
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccity' parameter in /city.php...
CVE-2025-40686 Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'employeeid' parameter in /detailview.php...
CVE-2025-40686
CVE-2025-40686 affects Human Resource Management System v1.0. A reflected Cross-Site Scripting vulnerability exists in the /detailview.php page via the employeeid parameter, allowing injected JavaScript to run in a victim’s browser. Exploitation details are not provided in the CVE entry; related ...
CVE-2025-40684 Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccountry' parameter in /country.php...
CVE-2025-40684
The CVE-2025-40684 entry describes a Reflected XSS vulnerability in the Human Resource Management System (HRMS) version 1.0. The flaw allows an attacker to execute arbitrary JavaScript in a victim’s browser by supplying a crafted URL that targets the searccountry parameter in the /country.php end...
CVE-2025-40683 Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccity' parameter in /city.php...
PT-2025-31192 · Unknown · Human Resource Management System Version 1.0
Name of the Vulnerable Software and Affected Versions: Human Resource Management System version 1.0. Description: This issue allows an attacker to execute JavaScript code in a victim’s browser by sending a malicious URL. The vulnerability is due to a reflected Cross-Site Scripting (XSS) flaw in the...
CVE-2025-54423
CVE-2025-54423 affects the Copyparty portable file server. Versions up to and including 1.18.4 allow an unauthenticated attacker to execute arbitrary JavaScript in a victim’s browser due to improper sanitization of multimedia tags in music files (including m3u). This is a DOM-based XSS vulnerabil...
GHSA-9Q4R-X2HJ-JMVR copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata
Summary: An unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. Details: Multimedia metadata is rendered in the web-app without sanitization. This can be exploited in two way...
CVE-2025-32731
Talos-disclosed CVE-2025-32731 is a pre-auth reflected XSS in MedDream PACS Premium 7.3.5.860, specifically in the radiationDoseReport.php script. The vulnerability stems from the path parameter being written into HTML output without sanitization, enabling a crafted URL to execute arbitrary JavaS...
CVE-2025-32731
A reflected cross-site scripting (XSS) vulnerability exists in the radiationDoseReport.php functionality of meddream MedDream PACS Premium 7.3.5.860. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerabilit...
CVE-2025-40730
HTML injection in Vox Media's Chorus CMS. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'q' parameter in '/search'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to...
CVE-2025-40730 HTML injection in Vox Media's Chorus CMS
HTML injection in Vox Media's Chorus CMS. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'q' parameter in '/search'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to...