5930 matches found

RedhatCVE
added 2025/07/12 12:28 a.m. · 12 views

CVE-2025-45662

A cross-site scripting (XSS) vulnerability in the component /master/login.php of mpgram-web commit 94baadb allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload...

CVSS 6.1 · AI score 5.7 · EPSS 0.00223
Exploits 0 · References 1
RedhatCVE
added 2025/07/11 12:25 a.m. · 13 views

CVE-2025-52357

Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic feature of FiberHome FD602GW-DX-R410 router firmware V2.2.14, allowing an authenticated attacker to execute arbitrary JavaScript code in the context of the router's web interface. The vulnerability is triggered via user-supplied...

CVSS 4.1 · AI score 6.2 · EPSS 0.00155
Exploits 2 · References 1
GitHub Security Blog
added 2025/07/10 5:43 p.m. · 3 views

@pdfme/common vulnerable to XSS and Prototype Pollution through its expression evaluation

Summary The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks. Details 1. Sandbox Escape Leading to XSS The expression evaluator's sandbox can be bypassed to execute arbitrary JavaScript...

CVSS 6.1 · AI score 6.9 · EPSS 0.00075
Exploits 0 · References 6 · Affected Software 1
OSV
added 2025/07/10 5:43 p.m. · 1 view

GHSA-54XV-94QV-2GFG @pdfme/common vulnerable to XSS and Prototype Pollution through its expression evaluation

Summary The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks. Details 1. Sandbox Escape Leading to XSS The expression evaluator's sandbox can be bypassed to execute arbitrary JavaScript...

CVSS 6.1 · AI score 6.5 · EPSS 0.00075
Exploits 0 · References 6
RedhatCVE
added 2025/07/10 12:23 p.m. · 9 views

CVE-2025-40720

Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the campo parameter in /FacturaE/VerFacturaPDF...

CVSS 5.1 · AI score 5.7 · EPSS 0.00167
Exploits 0 · References 1
RedhatCVE
added 2025/07/10 12:23 p.m. · 10 views

CVE-2025-40719

Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the idconcesion parameter in /FacturaE/VerFacturaPDF...

CVSS 5.1 · AI score 5.7 · EPSS 0.00167
Exploits 0 · References 1
RedhatCVE
added 2025/07/10 12:23 p.m. · 11 views

CVE-2025-40721

Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the idfactura parameter in /FacturaE/listadofacturasficha.jsp...

CVSS 5.1 · AI score 5.7 · EPSS 0.00129
Exploits 0 · References 1
Vulnrichment
added 2025/07/10 12:0 a.m. · 2 views

CVE-2025-45662

A cross-site scripting (XSS) vulnerability in the component /master/login.php of mpgram-web commit 94baadb allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload...

AI score 6.1 · EPSS 0.00223
Exploits 0 · References 3
Cvelist
added 2025/07/10 12:0 a.m. · 8 views

CVE-2025-45662

A cross-site scripting (XSS) vulnerability in the component /master/login.php of mpgram-web commit 94baadb allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload...

EPSS 0.00223
Exploits 0 · References 3
Positive Technologies
added 2025/07/10 12:0 a.m. · 3 views

PT-2025-29149 · Unknown · Mpgram-Web

Name of the Vulnerable Software and Affected Versions: mpgram-web commit 94baadb Description: A cross-site scripting (XSS) issue exists in the /master/login.php component. This allows attackers to execute arbitrary JavaScript in the context of a user's browser using a crafted payload...

CVSS 6.1 · AI score 5.8 · EPSS 0.00223
Exploits 0 · References 6
CVE
added 2025/07/10 12:0 a.m. · 21 views

CVE-2025-45662

CVE-2025-45662 affects mpgram-web (commit 94baadb) with a vulnerability in /master/login.php enabling cross-site scripting (XSS). An attacker can inject arbitrary JavaScript in the victim’s browser. Documented impact: JavaScript execution in user context; CVSSv3.1 base score 6.1 (Medium) with net...

CVSS 6.1 · AI score 5.8 · EPSS 0.00223
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2025/07/10 12:0 a.m. · 1 view

MPGram Web Cross-Site Scripting Vulnerability

MPGram Web is a lightweight Telegram-based web client from the individual developer Arman Jussupgaliyev. MPGram Web suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting attack in which an attacker can execute arbitrary JavaScript in the contex...

CVSS 6.1 · AI score 6.4 · EPSS 0.00223
Exploits 0 · References 4
RedhatCVE
added 2025/07/09 3:14 p.m. · 3 views

CVE-2025-53486

The WikiCategoryTagCloud extension is vulnerable to reflected XSS via the linkstyle attribute, which is improperly concatenated into inline HTML without escaping. An attacker can inject JavaScript event handlers such as onmouseenter using carefully crafted input via the tag:tagcloud parser...

CVSS 5.4 · AI score 6 · EPSS 0.0021
Exploits 0 · References 1
Vulnrichment
added 2025/07/09 12:0 a.m. · 3 views

CVE-2025-52357

Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic feature of FiberHome FD602GW-DX-R410 router firmware V2.2.14, allowing an authenticated attacker to execute arbitrary JavaScript code in the context of the router's web interface. The vulnerability is triggered via user-supplied...

AI score 6.1 · EPSS 0.00155
Exploits 2 · References 2
Vulnrichment
added 2025/07/08 9:40 p.m. · 3 views

CVE-2025-49547 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions FP11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS 5.4 · AI score 5.8 · EPSS 0.00172
Exploits 0 · References 1
NVD
added 2025/07/08 12:15 p.m. · 4 views

CVE-2025-40719

Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the idconcesion parameter in /FacturaE/VerFacturaPDF...

CVSS 6.1 · EPSS 0.00167
Exploits 0 · References 1
OSV
added 2025/07/08 12:15 p.m. · 4 views

CVE-2025-40720

Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the campo parameter in /FacturaE/VerFacturaPDF...

CVSS 6.1 · AI score 6
Exploits 0 · References 1
Vulnrichment
added 2025/07/08 11:43 a.m. · 2 views

CVE-2025-40721 Reflected Cross-site Scripting (XSS) vulnerability in Quiter Gateway

Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the idfactura parameter in /FacturaE/listadofacturasficha.jsp...

CVSS 5.1 · AI score 6.2 · EPSS 0.00129
Exploits 0 · References 1
CVE
added 2025/07/08 11:43 a.m. · 20 views

CVE-2025-40721

Summary of the CVE-2025-40721 details: Quiter Gateway (versions prior to 4.7.0) is affected by a reflected XSS vulnerability. The issue arises from user-supplied input in the id_factura parameter passed to the endpoint /FacturaE/listado_facturas_ficha.jsp, allowing an attacker to inject and execu...

CVSS 5.4 · AI score 5.7 · EPSS 0.00129
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2025/07/08 11:43 a.m. · 6 views

CVE-2025-40721 Reflected Cross-site Scripting (XSS) vulnerability in Quiter Gateway

Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the idfactura parameter in /FacturaE/listadofacturasficha.jsp...

CVSS 5.1 · EPSS 0.00129
Exploits 0 · References 1