4545 matches found

NVD
added 2025/01/16 11:15 p.m. | 12 views

CVE-2025-23198

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters Replace $DEVICEID with your specific $DEVICEID value:/device/$DEVICEID/edit - param: display. Librenms versions up to 24.10.1 allow remote attackers to inject...

CVSS 5.4 | EPSS 0.00201
Exploits: 1 | References: 1

Cvelist
added 2025/01/16 10:28 p.m. | 13 views

CVE-2024-56144 Stored XSS-LibreNMS-Display Name 2 in librenms

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters Replace $DEVICEID with your specific $DEVICEID value:/device/$DEVICEID/edit - param: display. Librenms versions up to 24.11.0 allow remote attackers to inject...

CVSS 4.6 | EPSS 0.00114
Exploits: 1 | References: 1

OSV
added 2025/01/16 5:32 p.m. | 7 views

GHSA-C66P-64FJ-JMC2 LibreNMS Misc Section Stored Cross-site Scripting vulnerability

StoredXSS-LibreNMS-MiscSection Description: Stored XSS on the parameter: ajaxform.php - param: state Request: http POST /ajaxform.php HTTP/1.1 Host: X-Requested-With: XMLHttpRequest X-CSRF-TOKEN: Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Cookie:...

CVSS 4.6 | AI score 4.9 | EPSS 0.04872
Exploits: 1 | References: 5

GitHub Security Blog
added 2025/01/16 5:32 p.m. | 17 views

LibreNMS Misc Section Stored Cross-site Scripting vulnerability

StoredXSS-LibreNMS-MiscSection Description: Stored XSS on the parameter: ajaxform.php - param: state Request: http POST /ajaxform.php HTTP/1.1 Host: X-Requested-With: XMLHttpRequest X-CSRF-TOKEN: Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Cookie:...

CVSS 5.4 | AI score 4.7 | EPSS 0.04872
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2025/01/16 5:18 p.m. | 10 views

GHSA-2F4W-6MC7-4W78 LibreNMS Display Name 2 Stored Cross-site Scripting vulnerability

StoredXSS-LibreNMS-Display Name 2 Description: XSS on the parameters Replace $DEVICEID with your specific $DEVICEID value:/device/$DEVICEID/edit - param: display of Librenms versions 24.11.0 https://github.com/librenms/librenms allows remote attackers to inject malicious scripts. When a user view...

CVSS 4.6 | AI score 4.9 | EPSS 0.00114
Exploits: 1 | References: 5

CNNVD
added 2025/01/16 12:0 a.m. | 1 views

JFinalOA security vulnerability

JFinalOA is an enterprise office system developed on the JFinal framework by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01. An attacker exploiting this vulnerability could execute arbitrary web script or HTML via a specially crafted payloa...

CVSS 4.8 | AI score 6.5 | EPSS 0.00193
Exploits: 1 | References: 1

OSV
added 2025/01/07 3:15 a.m. | 0 views

CVE-2025-22395

Dell Update Package Framework, versions prior to 22.01.02, contains a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of...

CVSS 7.8 | AI score 6 | EPSS 0.00128
Exploits: 0 | References: 1

Cvelist
added 2024/12/27 12:0 a.m. | 11 views

CVE-2024-54451

A cross-site scripting XSS vulnerability in the graphicCustomization.do page in Kurmi Provisioning Suite before 7.9.0.38, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15 allows remote attackers authenticated as system administrators to inject arbitrary web script or HTML via the...

EPSS 0.00113
Exploits: 0 | References: 2

CVE
added 2024/12/27 12:0 a.m. | 53 views

CVE-2024-54451

Kurmi Provisioning Suite is affected by an XSS flaw in the graphicCustomization.do page. The vulnerability allows an authenticated system administrator to inject arbitrary web script or HTML through the COMPONENT_fields(htmlTitle) field, which can be rendered on other pages for all users if graph...

CVSS 4.8 | AI score 5.8 | EPSS 0.00113
Exploits: 0 | References: 2

CVE
added 2024/12/17 8:24 p.m. | 62 views

CVE-2024-11993

CVE-2024-11993 is a reflected cross-site scripting (XSS) vulnerability affecting Liferay Portal 7.4.0–7.4.3.38 and Liferay DXP 7.4 GA through update 38, exploitable via the Dispatch name field. The connected documents consistently describe an XSS flaw resulting from improper handling of user inpu...

CVSS 6.1 | AI score 6 | EPSS 0.00175
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/12/17 8:24 p.m. | 13 views

CVE-2024-11993

Reflected cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field...

CVSS 4.6 | EPSS 0.00175
Exploits: 0 | References: 1

Vulnrichment
added 2024/12/16 12:0 a.m. | 5 views

CVE-2024-37776

A cross-site scripting XSS vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens...

AI score 5.8 | EPSS 0.00204
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2024/12/14 4:26 p.m. | 3 views

Malicious code in rwoka (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 601385385b682f6bdaa31c763e64c5fafb16f22df60acd266c9c7f23f73208ee The package contains highly obfuscated content, that install another, downloaded from a remote location obfuscated script in the installation path of the...

AI score 7.2
Exploits: 0 | References: 1

OSV
added 2024/12/14 4:26 p.m. | 1 views

MAL-2024-12342 Malicious code in rwoka (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 601385385b682f6bdaa31c763e64c5fafb16f22df60acd266c9c7f23f73208ee The package contains highly obfuscated content, that install another, downloaded from a remote location obfuscated script in the installation path of the...

AI score 7.1
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2024/12/12 9:48 p.m. | 2 views

Malicious code in python-bitget-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cac6988c3746b27c0cc34a156657431c2a0c0c36de45c6b88a00130d30dfd66e Importing the module starts an obfuscated PowerShell code, which downloads and executes a remote script. On Windows, the script appears to just start the...

AI score 7.1
Exploits: 0 | References: 2

OSV
added 2024/12/12 9:48 p.m. | 2 views

MAL-2024-12333 Malicious code in python-bitget-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cac6988c3746b27c0cc34a156657431c2a0c0c36de45c6b88a00130d30dfd66e Importing the module starts an obfuscated PowerShell code, which downloads and executes a remote script. On Windows, the script appears to just start the...

AI score 7
Exploits: 0 | References: 2

NVD
added 2024/12/09 6:15 p.m. | 12 views

CVE-2024-54935

A Stored Cross-Site Scripting XSS vulnerability was found in /sendmessageteachertostudent.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the mymessage parameter...

CVSS 5.4 | EPSS 0.0034
Exploits: 1 | References: 1

NVD
added 2024/12/09 4:15 a.m. | 12 views

CVE-2024-53283

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in Router Port Forward functionality in Synology Router Manager SRM before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing...

CVSS 5.9 | EPSS 0.00692
Exploits: 0 | References: 1

Cvelist
added 2024/12/09 3:30 a.m. | 16 views

CVE-2024-53282

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager SRM before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing...

CVSS 5.9 | EPSS 0.01088
Exploits: 0 | References: 1

Cvelist
added 2024/12/09 12:0 a.m. | 11 views

CVE-2024-54935

A Stored Cross-Site Scripting XSS vulnerability was found in /sendmessageteachertostudent.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the mymessage parameter...

EPSS 0.0034
Exploits: 1 | References: 1