CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/01/09 10:54 a.m.•4 views

CVE-2022-23052

PeteReport Version 0.5 contains a Cross Site Request Forgery CSRF vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application...

6.5CVSS7AI score0.00098EPSS

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-28161

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00221EPSS

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-28162

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00098EPSS

RedhatCVE•added 2025/05/22 10:36 p.m.•7 views

CVE-2022-25220

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding...

4.8CVSS6.8AI score0.00305EPSS

CNVD•added 2022/03/04 12:0 a.m.•18 views

PeteReport Cross-Site Request Forgery Vulnerability

PeTeReport is an open source application vulnerability reporting tool. Designed to assist penetration testing/red team efforts by simplifying the task of report writing and generation, PeTeReport suffers from a cross-site request forgery vulnerability that could be exploited by attackers to trick...

6.5CVSS2.7AI score0.00098EPSS

CNVD•added 2022/03/04 12:0 a.m.•13 views

PeTeReport Cross-Site Scripting Vulnerability (CNVD-2022-23466)

PeTeReport is an open source application vulnerability reporting tool. Designed to assist penetration testing/red team efforts by simplifying the task of report writing and generation, PeTeReport version 0.5 contains a cross-site scripting vulnerability that stems from the software's lack of...

4.8CVSS1.8AI score0.00305EPSS

OSV•added 2022/03/03 10:15 p.m.•2 views

CVE-2022-25220

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding...

4.8CVSS5.9AI score0.00305EPSS

NVD•added 2022/03/03 10:15 p.m.•8 views

CVE-2022-25220

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding...

4.8CVSS0.00305EPSS

NVD•added 2022/03/03 10:15 p.m.•11 views

CVE-2022-23051

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...

5.4CVSS0.00221EPSS

NVD•added 2022/03/03 10:15 p.m.•10 views

CVE-2022-23052

PeteReport Version 0.5 contains a Cross Site Request Forgery CSRF vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application...

6.5CVSS0.00098EPSS

Prion•added 2022/03/03 10:15 p.m.•11 views

Code injection

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...

3.5CVSS5.5AI score0.00221EPSS

Prion•added 2022/03/03 10:15 p.m.•8 views

Cross site request forgery (csrf)

PeteReport Version 0.5 contains a Cross Site Request Forgery CSRF vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application...

4.3CVSS6.6AI score0.00098EPSS

Cvelist•added 2022/03/03 9:57 p.m.•12 views

CVE-2022-25220

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding...

5.4AI score0.00305EPSS

CVE•added 2022/03/03 9:57 p.m.•74 views

CVE-2022-25220

PeteReport Version 0.5 contains a cross-site scripting vulnerability where an authenticated admin can inject persistent JavaScript into markdown descriptions when creating a product, report, or finding. Root cause: lack of escaping for user data in markdown descriptions. Affected component: PeteR...

4.8CVSS5.1AI score0.00305EPSS

CVE•added 2022/03/03 9:56 p.m.•88 views

CVE-2022-23052

PeteReport Version 0.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to trick authenticated users into deleting users, products, reports and findings within the application. The issue is described across multiple sources (NVD, Red Hat, CNVD, etc.) with no...

6.5CVSS6.5AI score0.00098EPSS

Cvelist•added 2022/03/03 9:56 p.m.•11 views

CVE-2022-23052

PeteReport Version 0.5 contains a Cross Site Request Forgery CSRF vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application...

6.7AI score0.00098EPSS

CVE•added 2022/03/03 9:55 p.m.•77 views

CVE-2022-23051

PeteReport Version 0.5 contains an authenticated-admin Cross-Site Scripting (XSS) vulnerability: by modifying the svg_file parameter while adding an Attack Tree, an admin can inject persistent JavaScript. The issue stems from lack of filtering/escaping of user data. Affected product appears to be...

5.4CVSS5.4AI score0.00221EPSS

Cvelist•added 2022/03/03 9:55 p.m.•11 views

CVE-2022-23051

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...

5.8AI score0.00221EPSS