CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4727 matches found

EUVD•added 2025/11/12 4:29 a.m.•1 views

EUVD-2025-112237

Malicious code in javascript-await-upgrade-venus npm...

6.6AI score

Exploits0

HackRead•added 2025/11/07 12:44 p.m.•6 views

Fake 0-Day Exploit Emails Trick Crypto Users Into Running Malicious Code

Bolster AI reveals a new scam using a simple JS code via Emkei's Mailer to fake 37% profits and steal crypto. Act fast to secure your wallet...

7.3AI score

Exploits0

Veracode•added 2025/11/05 7:47 a.m.•4 views

Cross-Site Scripting (XSS)

dotnetnuke.core is vulnerable to a Cross-Site Scripting XSS. The vulnerability is due to improper input validation in the Biography field, which allows an attacker to inject and execute malicious JavaScript code in the context of the website, affecting other users including administrators and...

6.3CVSS6.3AI score0.00027EPSS

Exploits0References3Affected Software1

GithubExploit•added 2025/11/03 12:1 a.m.•127 views

xss_test

It is an offensive tool for web application testing. The tool ta...

6.3AI score

Exploits0

CNNVD•added 2025/10/28 12:0 a.m.•4 views

IPFire 安全漏洞

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that can be exploited by attackers to inject arbitrary JavaScript code...

5.4CVSS6.2AI score0.00024EPSS

Exploits0References4

Cvelist•added 2025/10/27 12:53 p.m.•5 views

CVE-2025-41384 Reflected Cross-Site Scripting (XSS) in SuiteCRM

Cross-Site Scripting XSS vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary doma...

5.1CVSS0.00025EPSS

Exploits0References1

RedhatCVE•added 2025/10/17 6:44 p.m.•4 views

CVE-2025-62418

Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted SVG file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...

6.9CVSS7AI score0.00036EPSS

Exploits1References1

CVE•added 2025/10/13 9:17 a.m.•5 views

CVE-2025-11183

CVE-2025-11183. QGIS QWC2’s attribute table is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user input, allowing an authorized attacker to inject and execute arbitrary JavaScript in the user’s browser. Affected version: QWC2

6.9CVSS6.1AI score0.00015EPSS

Exploits0References1

Positive Technologies•added 2025/10/10 12:0 a.m.•2 views

PT-2025-41590

Name of the Vulnerable Software and Affected Versions Bagisto version 2.3.6 Description An authenticated stored Cross-Site Scripting XSS issue exists in the admin panel's product creation functionality. An attacker can upload a crafted SVG file containing malicious JavaScript code. This allows...

8.3CVSS5.9AI score0.00014EPSS

Exploits1References13

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-11978

Malware in sbrugna...

5.4CVSS5.5AI score0.00237EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-25364

Malware in sbrugna...

7.2CVSS6.5AI score0.00072EPSS

Exploits0References3