CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20 matches found

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux - уязвимость в zabbix

The HttpRequest object allows you to retrieve the HTTP headers from the server’s response after sending a request. The issue is that the returned strings are created directly from the data sent by the server and are not properly encoded for JavaScript. This enables the creation of internal string...

9.1CVSS5.8AI score0.0023EPSS

Exploits0References2

EUVD•added 2026/04/17 3:31 p.m.•1 views

EUVD-2026-22836

Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting XSS due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check IsDangerousURL before resolving HTML entities...

6.1CVSS6.1AI score0.0005EPSS

Exploits0References3

CNNVD•added 2026/02/28 12:0 a.m.•4 views

WordPress plugin wpForo Forum 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The wpFo...

5.5CVSS5.6AI score0.00043EPSS

Exploits0References3

Tenable Nessus•added 2025/03/05 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2024-42330

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created...

9.1CVSS8.2AI score0.0023EPSS

Exploits0References3

SUSE CVE•added 2024/11/28 3:56 a.m.•4 views

SUSE CVE-2024-42330

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that...

9.1CVSS6.9AI score0.0023EPSS

Exploits0References3

NVD•added 2024/11/27 12:15 p.m.•20 views

CVE-2024-42330

9.1CVSS0.0023EPSS

Exploits0References2

OSV•added 2024/11/27 12:15 p.m.•1 views

DEBIAN-CVE-2024-42330

9.1CVSS8.3AI score0.0023EPSS

Exploits0References1

AlpineLinux•added 2024/11/27 12:15 p.m.•13 views

CVE-2024-42330

9.1CVSS7.2AI score0.0023EPSS

Exploits0References2

OSV•added 2024/11/27 12:15 p.m.•1 views

UBUNTU-CVE-2024-42330

9.1CVSS5.8AI score0.0023EPSS

Exploits0References3

Vulnrichment•added 2024/11/27 12:5 p.m.•19 views

CVE-2024-42330 JS - Internal strings in HTTP headers

9.1CVSS7.1AI score0.0023EPSS

Exploits0References1

SUSE CVE•added 2023/02/15 5:54 a.m.•1 views

SUSE CVE-2011-0446

Multiple cross-site scripting XSS vulnerabilities in the mailto helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted 1 name or 2 email value...

4.3CVSS6.8AI score0.0067EPSS

Exploits1References4

ThreatPost•added 2021/01/21 2:0 p.m.•36 views

Google Searches Expose Stolen Corporate Credentials

Attackers behind a recently discovered phishing campaign have unintentionally left more than 1,000 stolen credentials available online via simple Google searches, researchers have found. The campaign, which began in August 2020, used e-mails that spoof notifications from Xerox scans to lure victi...

0.2AI score

Exploits0References8