221 matches found
CVE-2025-63534
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg and...
PT-2025-48456
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System within the abs.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg parameter,...
CVE-2025-66258
Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...
Cross-site Scripting
Liferay Portal is vulnerable to Cross-Site Scripting. The vulnerability is due to the Calendar events feature failing to escape or validate HTML in the First Name, Middle Name, and Last Name text fields, and attackers can exploit this by submitting crafted payloads into those fields to execute...
CVE-2025-42901
SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability ...
CVE-2025-42901 Code Injection vulnerability in SAP Application Server for ABAP (BAPI Browser)
SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability ...
XSS-Payloads-to-Bypass-WAFs
PoC exploit for XSS payloads to bypass WAFs, specifically target...
GHSA-CJJF-27CC-PVMV pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters
Summary: pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load (CNL) Blueprint. This flaw allowed untrusted user input to be processed unsafely, which could be exploited by an attacker to inject arbitrary content into the web UI or...
EUVD-2021-11333
Malware in sbrugna...
EUVD-2021-11357
Malware in sbrugna...
EUVD-2023-58667
Malicious code in bioql PyPI...
EUVD-2022-15824
Malicious code in bioql PyPI...
EUVD-2023-58664
Malicious code in bioql PyPI...
EUVD-2025-22998
Malicious code in bioql PyPI...
EUVD-2023-58659
Malicious code in bioql PyPI...
EUVD-2024-22947
Malicious code in bioql PyPI...
EUVD-2023-58665
Malicious code in bioql PyPI...
EUVD-2023-53528
Malicious code in bioql PyPI...
EUVD-2023-58663
Malicious code in bioql PyPI...
EUVD-2023-58668
Malicious code in bioql PyPI...