801 matches found
osTicket - Arbitrary File Read
Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficientl...
CVE-2026-39964
TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer packages/embeds/js renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser...
PT-2026-42817
Name of the Vulnerable Software and Affected Versions: TypeBot versions prior to 3.16.0. Description: The Typebot viewer renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. This allows a bot author to set a link URL containing a malicious payload that...
Typebot Security Vulnerability
Typebot is an open-source chat bot builder developed by Baptiste Arnaud. There were security vulnerabilities in versions of Typebot prior to 3.16.0. These vulnerabilities stemmed from the Typebot viewer’s failure to filter javascript: URI schemes when rendering rich text bubble content, allowing...
Server-side Request Forgery (SSRF)
Overview: apostrophe is a content management system (CMS) for Node.js. It supports in-context editing, schema-driven content types, flexible widgets and a great deal more. This module contains everything necessary to build a website with ApostropheCMS. Affected versions of this package are vulnerabl...
NPM: Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget
NPM: Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget vulnerability discovered by ? in WordPress Npm apostrophe versions = 4.29.0...
GHSA-PR28-MF3Q-QPG6 Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget
Summary: ApostropheCMS contains an authenticated server-side request forgery (SSRF) in the rich-text widget import flow. An authenticated user who can submit/edit rich-text widget content can cause the server to fetch attacker-controlled URLs during widget validation. For image-compatible responses,...
Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget
Summary: ApostropheCMS contains an authenticated server-side request forgery (SSRF) in the rich-text widget import flow. An authenticated user who can submit/edit rich-text widget content can cause the server to fetch attacker-controlled URLs during widget validation. For image-compatible responses,...
PT-2026-41154
Summary: ApostropheCMS contains an authenticated server-side request forgery (SSRF) in the rich-text widget import flow. An authenticated user who can submit/edit rich-text widget content can cause the server to fetch attacker-controlled URLs during widget validation. For image-compatible responses,...
CVE-2026-32170
Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally...
CVE-2026-21530
Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally...
EUVD-2026-29570
Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally...
CVE-2026-32170 Windows Rich Text Edit Elevation of Privilege Vulnerability
...
CVE-2026-32170
Technical details for CVE-2026-32170 are not publicly available in the provided documents beyond the basic description. No vendor, product, version, root cause, impact, or fix specifics are supplied here. Monitor official disclosures and CVE/Microsoft update guidance for updates.
CVE-2026-21530 Windows Rich Text Edit Elevation of Privilege Vulnerability
...
CVE-2026-21530
CVE-2026-21530: A double-free vulnerability in Windows Rich Text Edit is described as enabling an authorized attacker to perform local privilege escalation. The connected documents confirm the affected component and the local-privilege-elevation impact but do not provide exploit details, specifi...