
5082 matches found

Vulnrichment
added 2025/03/17 12:0 a.m., 4 views

CVE-2025-25612

FS Inc S3150-8T2F prior to version S3150-8T2F2.2.0D135103 is vulnerable to Cross Site Scripting (XSS) in the Time Range Configuration functionality of the administration interface. An attacker can inject malicious JavaScript into the "Time Range Name" field, which is improperly sanitized. When this...

6.7 AI score, 0.00872 EPSS
Exploits: 0, References: 2

Cvelist
added 2025/03/17 12:0 a.m., 10 views

CVE-2025-25612

FS Inc S3150-8T2F prior to version S3150-8T2F2.2.0D135103 is vulnerable to Cross Site Scripting (XSS) in the Time Range Configuration functionality of the administration interface. An attacker can inject malicious JavaScript into the "Time Range Name" field, which is improperly sanitized. When this...

0.00872 EPSS
Exploits: 0, References: 2

NVD
added 2025/03/14 5:15 p.m., 6 views

CVE-2025-1888

The Leica Web Viewer within the Aperio Eslide Manager Application is vulnerable to reflected cross-site scripting (XSS). An authenticated user can access the slides within a project and inject malicious JavaScript into the "memo" field. The memo field has a hover over action that will display a...

4.6 CVSS, 0.0021 EPSS
Exploits: 0, References: 1

CVE
added 2025/03/14 4:11 p.m., 46 views

CVE-2025-1888

CVE-2025-1888 affects the Leica Web Viewer component of the Aperio Eslide Manager Application. A reflected XSS vulnerability exists in the memo field used to annotate slides; an authenticated user can trigger execution by injecting malicious JavaScript via the memo hover/tooltip interface, which ...

4.6 CVSS, 6.1 AI score, 0.0021 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/03/14 4:11 p.m., 12 views

CVE-2025-1888 Reflected Cross Site Scripting in Aperio Eslide Manager

The Leica Web Viewer within the Aperio Eslide Manager Application is vulnerable to reflected cross-site scripting (XSS). An authenticated user can access the slides within a project and inject malicious JavaScript into the "memo" field. The memo field has a hover over action that will display a...

4.6 CVSS, 0.0021 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/03/14 4:11 p.m., 4 views

CVE-2025-1888 Reflected Cross Site Scripting in Aperio Eslide Manager

The Leica Web Viewer within the Aperio Eslide Manager Application is vulnerable to reflected cross-site scripting (XSS). An authenticated user can access the slides within a project and inject malicious JavaScript into the "memo" field. The memo field has a hover over action that will display a...

4.6 CVSS, 4.5 AI score, 0.0021 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/03/13 6:7 p.m., 5 views

CVE-2025-0062

SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impac...

4.7 CVSS, 4.9 AI score, 0.00254 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/03/13 12:0 a.m., 6 views

CVE-2025-25625

A stored cross-site scripting vulnerability exists in FS model S3150-8T2F switches running firmware s3150-8t2f-switch-fsos-220d118101 and web firmware v2.2.2, which allows an authenticated web interface user to bypass input filtering on user names, and stores un-sanitized HTML and Javascript on t...

5.7 AI score, 0.00217 EPSS
Exploits: 0, References: 1

OSV
added 2025/03/12 3:15 p.m., 2 views

CVE-2025-27914

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's session. Exploitation requires a valid auth token...

5.4 CVSS, 6 AI score
Exploits: 0, References: 2

NVD
added 2025/03/12 3:15 p.m., 6 views

CVE-2025-27914

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's session. Exploitation requires a valid auth token...

5.4 CVSS, 0.00244 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2025/03/12 12:0 a.m., 7 views

CVE-2025-27914

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's session. Exploitation requires a valid auth token...

5.2 AI score, 0.00244 EPSS
Exploits: 0, References: 2

NVD
added 2025/03/11 1:15 a.m., 5 views

CVE-2025-0062

SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impac...

4.7 CVSS, 0.00254 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2025/03/11 12:31 a.m., 4 views

CVE-2025-0062 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)

SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impac...

4.7 CVSS, 7.1 AI score, 0.00254 EPSS
Exploits: 0, References: 2

CVE
added 2025/03/11 12:31 a.m., 48 views

CVE-2025-0062

SAP BusinessObjects BI Platform Web Intelligence is affected by CVE-2025-0062: a cross-site scripting vulnerability allowing an attacker to inject JavaScript in Web Intelligence reports. The issue arises when script/html execution is enabled by the Central Management Console administrator. Exploi...

4.7 CVSS, 7.1 AI score, 0.00254 EPSS
Exploits: 0, References: 2

Cvelist
added 2025/03/11 12:31 a.m., 7 views

CVE-2025-0062 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)

SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impac...

4.7 CVSS, 0.00254 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/03/05 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-37360

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be...

6.1 CVSS, 6.2 AI score, 0.00332 EPSS
Exploits: 1, References: 3

Tenable Nessus
added 2025/03/05 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2023-23942

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml...

6.1 CVSS, 6.1 AI score, 0.00657 EPSS
Exploits: 0, References: 3

NVD
added 2025/03/04 7:15 p.m., 6 views

CVE-2025-26202

Cross-Site Scripting (XSS) vulnerability exists in the WPA/WAPI Passphrase field of the Wireless Security settings (2.4GHz & 5GHz bands) in DZS Router Web Interface. An authenticated attacker can inject malicious JavaScript into the passphrase field, which is stored and later executed when an...

4.3 CVSS, 0.00647 EPSS
Exploits: 0, References: 1

CVE
added 2025/03/04 12:0 a.m., 61 views

CVE-2025-26202

CVE-2025-26202 describes a Cross-Site Scripting (XSS) vulnerability in the WPA/WAPI Passphrase field of the Wireless Security settings on the DZS Router Web Interface (2.4 GHz & 5 GHz). An authenticated attacker can inject malicious JavaScript into the passphrase, which is stored and later execut...

4.3 CVSS, 5.4 AI score, 0.00647 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/03/04 12:0 a.m., 15 views

CVE-2025-26202

Cross-Site Scripting (XSS) vulnerability exists in the WPA/WAPI Passphrase field of the Wireless Security settings (2.4GHz & 5GHz bands) in DZS Router Web Interface. An authenticated attacker can inject malicious JavaScript into the passphrase field, which is stored and later executed when an...

0.00647 EPSS
Exploits: 0, References: 1