CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Name of the Vulnerable Software and Affected Versions Mesh Connect JS SDK versions prior to 3.3.2 Description Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. A lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrar...

8.2CVSS6.9AI score0.00054EPSS

Exploits0References10

Packet Storm•added 2025/09/16 12:0 a.m.•145 views

📄 Node.JS 4.1.1 Directory Listing

Node.JS versions 4.1.1 and below suffer from a Range header issue that results in a directory listing. !/bin/bash Exploit Title: Node.JS -u \n" exit else echo -e "\n+ TARGET: $TARGET$URI\n" curl -s -H "Range: 99999" $TARGET$URI | html2text | sed '1d;$d' fi...

7AI score

Exploits0

Github Security Blog•added 2025/09/15 7:59 p.m.•15 views

Flowise has Remote Code Execution vulnerability

Description Cause of the Vulnerability The CustomMCP node allows users to input configuration settings for connecting to an external MCP Model Context Protocol server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it...

10CVSS8AI score0.86202EPSS

Exploits20References10Affected Software1

Positive Technologies•added 2025/09/05 12:0 a.m.•3 views

PT-2025-36170

Name of the Vulnerable Software and Affected Versions: Parallax Scrolling Enllax.js versions through 0.0.6 Description: A Cross-Site Request Forgery CSRF issue exists in Parallax Scrolling Enllax.js, potentially allowing attackers to perform actions on behalf of authenticated users...

4.3CVSS6.2AI score0.00053EPSS

Exploits0References3

NVD•added 2025/08/19 9:15 p.m.•3 views

CVE-2025-55033

Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks. This vulnerability was fixed in Focus for iOS 142...

6.1CVSS0.00046EPSS

Exploits0References2

Tenable Nessus•added 2025/08/18 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2020-7676

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping elements in...

5.4CVSS5.4AI score0.00563EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by