
18 matches found

Veracode
added 2026/05/04 6:1 a.m., 5 views

HTML Injection

github.com/abhinavxd/libredesk is vulnerable to stored HTML injection. The vulnerability is due to improper sanitization of user input in the contact notes feature, which allows an attacker to inject arbitrary HTML by manipulating the request and exploit it to perform phishing, CSRF-style actions...

8.6 CVSS, 5.9 AI score, 0.00193 EPSS
Exploits: 1, References: 4, Affected Software: 1

SUSE CVE
added 2026/03/04 12:26 a.m., 0 views

SUSE CVE-2026-26957

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: Upon further research, the maintainer determined that the behavior described by the CVE record is intended behavior. Per the GitHub Security Advisory: "Libredesk is a single-tenant, self-hosted application. Configuring outbound...

5.5 AI score, 0.00061 EPSS
Exploits: 0, References: 3

OSV
added 2026/02/23 6:23 p.m., 5 views

GO-2026-4505 Libredesk has a SSRF Vulnerability in Webhooks in github.com/abhinavxd/libredesk

Libredesk has a SSRF Vulnerability in Webhooks in github.com/abhinavxd/libredesk...

5.3 AI score, 0.00061 EPSS
Exploits: 0, References: 3

NVD
added 2026/02/20 12:16 a.m., 4 views

CVE-2026-26957

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: Upon further research, the maintainer determined that the behavior described by the CVE record is intended behavior. Per the GitHub Security Advisory: "Libredesk is a single-tenant, self-hosted application...

0.00061 EPSS
Exploits: 0

CNNVD
added 2026/02/20 12:0 a.m., 6 views

Libredesk Code Issue Vulnerability

Libredesk is a user support platform developed by Abhinav Raut personally. Versions of Libredesk prior to 1.0.2-0.20260215211005-727213631ce6 contained code vulnerabilities. These vulnerabilities stemmed from unvalidated Webhook target URLs, which could allow the server to send HTTP requests to...

6.9 CVSS, 6 AI score, 0.00061 EPSS
Exploits: 0, References: 2

Cvelist
added 2026/02/19 11:30 p.m., 28 views

CVE-2026-26957

...

0.00061 EPSS
Exploits: 0

ATTACKERKB
added 2026/02/19 11:30 p.m., 4 views

CVE-2026-26957

Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.20260215211005-727213631ce6 fail to validate destination URLs for webhooks, allowing an attacker posing as an authenticated "Application Admin" to force the server to make HTTP requests to arbitrary internal...

6.9 CVSS, 5.8 AI score, 0.00061 EPSS
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2026/02/19 11:30 p.m., 3 views

CVE-2026-26957

...

5.4 AI score, 0.00061 EPSS
Exploits: 0

CVE
added 2026/02/19 11:30 p.m., 8 views

CVE-2026-26957

CVE-2026-26957 is rejected and does not represent an active vulnerability entry.

5.8 AI score, 0.00061 EPSS
Exploits: 0

OSV
added 2026/02/19 11:30 p.m., 6 views

CVE-2026-26957 Libredesk has an SSRF Vulnerability via Webhooks

Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.20260215211005-727213631ce6 fail to validate destination URLs for webhooks, allowing an attacker posing as an authenticated "Application Admin" to force the server to make HTTP requests to arbitrary internal...

6.9 CVSS, 5.7 AI score, 0.00061 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2025/12/27 12:4 a.m., 3 views

CVE-2025-68927 Improper Neutralization of HTML Tags in a Web Page in libredesk

Libredesk is a self-hosted customer support desk. Prior to version 0.8.6-beta, LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the...

8.6 CVSS, 6.6 AI score, 0.00193 EPSS
Exploits: 1, References: 2

Cvelist
added 2025/12/27 12:4 a.m., 20 views

CVE-2025-68927 Improper Neutralization of HTML Tags in a Web Page in libredesk

Libredesk is a self-hosted customer support desk. Prior to version 0.8.6-beta, LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the...

8.6 CVSS, 0.00193 EPSS
Exploits: 1, References: 2

CVE
added 2025/12/27 12:4 a.m., 15 views

CVE-2025-68927

Libredesk prior to version 0.8.6-beta is vulnerable to stored HTML injection in the contact notes feature. Notes added via POST /api/v1/contacts/{id}/notes are wrapped in tags; removing the wrapper in transit allows attackers to inject arbitrary HTML (e.g., forms, images) that is stored and rend...

8.6 CVSS, 6.6 AI score, 0.00193 EPSS
Exploits: 1, References: 2, Affected Software: 1

EUVD
added 2025/12/27 12:4 a.m., 7 views

EUVD-2025-203846

Libredesk is a self-hosted customer support desk. Prior to version 0.8.6-beta, LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the...

8.6 CVSS, 6.5 AI score, 0.00193 EPSS
Exploits: 1, References: 3

OSV
added 2025/12/27 12:4 a.m., 4 views

CVE-2025-68927 Improper Neutralization of HTML Tags in a Web Page in libredesk

Libredesk is a self-hosted customer support desk. Prior to version 0.8.6-beta, LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the...

8.6 CVSS, 6.9 AI score, 0.00193 EPSS
Exploits: 1, References: 4

CNNVD
added 2025/12/27 12:0 a.m., 3 views

Libredesk Cross-Site Scripting Vulnerability

Libredesk is a user support platform by the individual developer Abhinav Raut. A cross-site scripting vulnerability exists in versions prior to Libredesk 0.8.6-beta, which stems from a stored HTML injection issue in the contact notes feature that could lead to phishing and CSRF attacks...

8.6 CVSS, 5.9 AI score, 0.00193 EPSS
Exploits: 1, References: 3

Positive Technologies
added 2025/12/27 12:0 a.m., 6 views

PT-2025-53612

Name of the Vulnerable Software and Affected Versions Libredesk versions prior to 0.8.6-beta Description Libredesk is a self-hosted customer support desk application. A stored HTML injection issue exists in the contact notes feature. When adding notes through the POST /api/v1/contacts/id/notes...

8.6 CVSS, 6.7 AI score, 0.00193 EPSS
Exploits: 1, References: 6

OSV
added 2025/12/22 6:15 p.m., 3 views

GO-2025-4243 Libredesk has Improper Neutralization of HTML Tags in a Web Page in github.com/abhinavxd/libredesk

Libredesk has Improper Neutralization of HTML Tags in a Web Page in github.com/abhinavxd/libredesk...

8.6 CVSS, 6.5 AI score, 0.00193 EPSS
Exploits: 1, References: 1