
97 matches found

RedhatCVE
added 2026/06/06 12:43 p.m. | 13 views

CVE-2026-11345

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...

CVSS 6.9 | AI score 5.5 | EPSS 0.00414
Exploits: 0 | References: 1
Vulnrichment
added 2026/06/05 11:29 a.m. | 8 views

CVE-2026-11345 Improper Authentication Bypass in linqi CDN File Access

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...

CVSS 6.9 | AI score 5.5 | EPSS 0.00414
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/08 3:14 a.m. | 5 views

CVE-2026-41646

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require function, bypassing the default local file acce...

CVSS 5.5 | AI score 5.7 | EPSS 0.00114
Exploits: 0 | References: 4 | Affected Software: 1
CNNVD
added 2026/04/23 12:00 a.m. | 8 views

hackage-server cross-site scripting vulnerability

hackage-server is a Haskell open-source package repository server. hackage-server has a cross-site scripting vulnerability, which stems from the direct provision of HTML and JavaScript files. This vulnerability could allow malicious package maintainers to hijack user sessions...

CVSS 9.9 | AI score 5.6 | EPSS 0.00309
Exploits: 0 | References: 1
Snyk
added 2026/04/22 7:58 p.m. | 2 views

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass in the require process. An attacker can access sensitive local .js and .json files by supplying malicious JavaScript templates that exploit the module loader to bypass file access restrictions. This is only...

CVSS 6.8 | AI score 5.8 | EPSS 0.00114
Exploits: 0 | References: 2
Packet Storm News
added 2026/01/29 12:00 a.m. | 2 views

InvisibleJS Detection and Analysis Scanner

InvisibleJS is an obfuscation technique that hides JavaScript source code using zero‑width Unicode characters, making files appear empty while still executing at runtime via eval or dynamic import with data: URIs. Although visually deceptive, this method provides no real cryptographic protection...

AI score 5.9
Exploits: 0
Packet Storm News
added 2026/01/23 12:00 a.m. | 10 views

JS Secret Hunter 2

JS Secret Hunter is an advanced Python tool designed for security researchers to automate the detection of hardcoded secrets in client-side JavaScript. Unlike simple scanners, V2 includes a dynamic crawler that parses the HTML of the target website to extract all loaded JavaScript files...

AI score 5.5
Exploits: 0
OSSF Malicious Packages
added 2025/11/11 3:48 a.m. | 4 views

Malicious code in joko-rojak57-sukiwir (npm)

Source: amazon-inspector fc44b6dfd1d4e95f071bd56189d3ab13823b9d34f3d54a0e9393a6c595032699. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0
The Hacker News
added 2025/10/14 11:00 a.m. | 10 views

What AI Reveals About Web Applications— and Why It Matters

Before an attacker ever sends a payload, they've already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error messages, your API documentation, your GitHub repos. These are all clues that help them understand how your syste...

AI score 7.2
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-2210

Malware in sbrugna...

CVSS 6.1 | AI score 6.1 | EPSS 0.01481
Exploits: 1 | References: 7
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-6225

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.01774
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2017-6244

Malware in sbrugna...

CVSS 7.8 | AI score 7.6 | EPSS 0.01986
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2025-5488

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 6.5 | EPSS 0.00388
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:07 p.m. | 6 views

EUVD-2023-36976

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.5 | EPSS 0.02937
Exploits: 4 | References: 2
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-31658

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 6.4 | EPSS 0.00454
Exploits: 0 | References: 6
EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2022-5295

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.0496
Exploits: 5 | References: 11
RedhatCVE
added 2025/05/23 9:42 a.m. | 8 views

CVE-2024-23659

SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js...

CVSS 6.1 | AI score 5.9 | EPSS 0.00441
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 3:48 p.m. | 9 views

CVE-2020-14066

IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access...

CVSS 8.8 | AI score 7.1 | EPSS 0.01774
Exploits: 0
RedhatCVE
added 2025/05/22 5:23 a.m. | 2 views

CVE-2017-1000192

Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information...

CVSS 9.8 | AI score 7 | EPSS 0.00886
Exploits: 0 | References: 1
Positive Technologies
added 2025/05/01 12:00 a.m. | 3 views

PT-2025-18373 · Ladybird · Ladybird

Name of the Vulnerable Software and Affected Versions: Ladybird versions prior to f5a6704
Description: The issue is related to a use-after-free vulnerability in LibJS, which is part of the Ladybird browser engine. This vulnerability allows remote attackers to execute arbitrary code via a crafted...

CVSS 9 | AI score 7.8 | EPSS 0.00588
Exploits: 0 | References: 20