5082 matches found

CVE
added 2025/02/14 1:22 p.m., 70 views

CVE-2025-0178

The CVE-2025-0178 issue affects WatchGuard Fireware OS Web UI, where improper input validation allows manipulation of the HTTP Host header. The vulnerability could enable redirection to malicious sites, web cache poisoning, or injection of malicious JavaScript into responses. Affected range is Fi...

6.1 CVSS, 6.8 AI score, 0.00215 EPSS
Exploits 0, References 1, Affected Software 1
RedhatCVE
added 2025/02/14 12:14 a.m., 11 views

CVE-2024-35432

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting (XSS) via an Audio File. An authenticated user can inject malicious JavaScript code to trigger a Cross Site Scripting...

6.1 CVSS, 6.1 AI score, 0.00418 EPSS
Exploits 1, References 3
RedhatCVE
added 2025/02/13 7:11 p.m., 8 views

CVE-2025-24413

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

8.7 CVSS, 7.5 AI score, 0.00656 EPSS
Exploits 0, References 3
Vulnrichment
added 2025/02/13 12:49 p.m., 5 views

CVE-2025-1271 Reflected Cross-Site Scripting (XSS) vulnerability in H6Web

Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity the...

6.1 CVSS, 6 AI score, 0.00262 EPSS
Exploits 0, References 1
CVE
added 2025/02/13 12:49 p.m., 56 views

CVE-2025-1271

CVE-2025-1271: Reflected XSS in Anapi Group's h6web. A malicious URL can trigger JavaScript in the user’s browser, potentially stealing data or allowing unauthorized actions. CVSSv3.1 base score 6.1 (Network, Low/Moderate impact; user interaction required; changed scope). Connected sources provid...

6.1 CVSS, 6.1 AI score, 0.00262 EPSS
Exploits 0, References 1, Affected Software 1
OSV
added 2025/02/11 6:31 p.m., 11 views

GHSA-GC27-RVVM-Q77R Magento Stored Cross-Site Scripting (XSS) Vulnerability

Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

8.7 CVSS, 5.2 AI score, 0.00656 EPSS
Exploits 0, References 3
OSV
added 2025/02/11 6:31 p.m., 9 views

GHSA-G3J6-9753-8MP2 Magento Stored Cross-Site Scripting (XSS) Vulnerability

Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

8.7 CVSS, 5.2 AI score, 0.00656 EPSS
Exploits 0, References 3
GitHub Security Blog
added 2025/02/11 6:31 p.m., 9 views

Magento Stored Cross-Site Scripting (XSS) Vulnerability

Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

8.7 CVSS, 5.2 AI score, 0.00656 EPSS
Exploits 0, References 3, Affected Software 2
OSV
added 2025/02/11 6:15 p.m., 4 views

CVE-2025-24438

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

8.7 CVSS, 7.5 AI score
Exploits 0, References 1
NVD
added 2025/02/11 6:15 p.m., 15 views

CVE-2025-24415

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

8.7 CVSS, 0.00656 EPSS
Exploits 0, References 1
OSV
added 2025/02/11 6:15 p.m., 7 views

CVE-2025-24412

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

8.7 CVSS, 5.5 AI score
Exploits 0, References 1
Vulnrichment
added 2025/02/11 5:37 p.m., 11 views

CVE-2025-24416 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

8.7 CVSS, 5.2 AI score, 0.00656 EPSS
Exploits 0, References 1
Cvelist
added 2025/02/11 5:37 p.m., 13 views

CVE-2025-24413 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

8.7 CVSS, 0.00656 EPSS
Exploits 0, References 1
CVE
added 2025/02/10 10:5 p.m., 50 views

CVE-2025-25189

CVE-2025-25189 describes a reflected cross-site scripting vulnerability in the ZOO-Project Web Processing Service (WPS) publish.py CGI script, prior to commit 7a5ae1a. The issue stems from the script reflecting the user-supplied jobid parameter into the HTML response without HTML encoding or sani...

6.9 CVSS, 5.9 AI score, 0.00418 EPSS
Exploits 0, References 2
OSV
added 2025/02/10 10:5 p.m., 6 views

CVE-2025-25189 [XBOW-025-031] Reflected Cross-Site Scripting via jobid Parameter in ZOO-Project WPS publish.py CGI Script

The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service (WPS) publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the jobid parameter in its HTTP response without proper HTM...

6.9 CVSS, 6.2 AI score, 0.00418 EPSS
Exploits 0, References 4
RedhatCVE
added 2025/02/09 12:26 a.m., 3 views

CVE-2024-57279

A reflected Cross-Site Scripting (XSS) vulnerability has been identified in the LDAP User Manager = ce92321, specifically in the /setup/index.php endpoint via the returnto parameter. This vulnerability arises due to improper sanitization of user-supplied input, allowing an attacker to inject...

5.4 CVSS, 5.6 AI score, 0.00201 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/02/08 4:28 a.m., 14 views

CVE-2024-53943

An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to XSS via the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute JavaScript within the context of the current user by injecting JavaScript into the SSID...

6.1 CVSS, 5.8 AI score, 0.0029 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/02/07 12:0 a.m., 3 views

CVE-2024-57278

A reflected Cross-Site Scripting (XSS) vulnerability exists in /webscan/sqlmap/index.html in QingScan =v1.8.0. The vulnerability is caused by improper input sanitization of the query parameter, allowing an attacker to inject malicious JavaScript payloads. When a victim accesses a crafted URL...

5.7 AI score, 0.00205 EPSS
Exploits 0, References 1
Cvelist
added 2025/02/07 12:0 a.m., 27 views

CVE-2024-52882

An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to improper neutralization of input via the devices API, an attacker can inject malicious JavaScript code (XSS) to attack logged-in administrator sessions...

0.00217 EPSS
Exploits 0, References 2
Cvelist
added 2025/02/07 12:0 a.m., 10 views

CVE-2024-57279

A reflected Cross-Site Scripting (XSS) vulnerability has been identified in the LDAP User Manager = ce92321, specifically in the /setup/index.php endpoint via the returnto parameter. This vulnerability arises due to improper sanitization of user-supplied input, allowing an attacker to inject...

0.00201 EPSS
Exploits 0, References 1