6724 matches found
CVE-2025-34111
An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's default connector connector.minimal.php, which allows remote attackers to upload and execute malicious PHP scripts in the context of the web server. The...
CVE-2025-53834
Caido is a web security auditing toolkit. A reflected cross-site scripting (XSS) vulnerability was discovered in Caido’s toast UI component in versions prior to 0.49.0. Toast messages may reflect unsanitized user input in certain tools such as Match&Replace and Scope. This could allow an attacker to craft...
CVE-2024-42912
A cross-site scripting (XSS) vulnerability in META-INF Kft. Email This Issue Data Center before 9.13.0-GA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the recipient field of an e-mail message...
CVE-2025-53924 Emlog vulnerable to stored Cross-site Scripting in links functionality
Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the siteurl parameter. It is possible to inject malicious code into siteurl parameter...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Administration Console. An attacker can execute arbitrary scripts in the context of a user's browser by tricking the user into visiting a crafted URL. Details: Cross-site scripting or XSS is a code...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Administration Console. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious payloads through user-controllable input fields. Details: Cross-site scripting o...
CVE-2025-6977
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘pmgetmessengernotification’ function in all versions up to, and including, 5.9.5.4 due to insufficient input sanitization and output escaping. This makes it possib...
Cross-site Scripting (XSS)
Overview: org.webjars.bowergithub.kazupon:vue-i18n is an Internationalization plugin for Vue.js. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when performing translations with escapeParameterHtml set to true. An attacker can execute arbitrary JavaScript code in the...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager is an enterprise-grade content management solution from Adobe designed to help companies efficiently build, manage and deliver multi-channel digital content and personalized experiences. Adobe Experience Manager suffers from a cross-site scripting vulnerability that stems...
PT-2025-29746 · Nanbu · Nanbu Welcart E-Commerce
Name of the Vulnerable Software and Affected Versions: nanbu Welcart e-Commerce versions through 2.11.16. Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting (XSS). This can potentially lead to the...
META-INF Kft. Email This Issue Security Vulnerability
META-INF Kft. Email This Issue is an advanced email management plugin for Jira from Hungarian company META-INF Kft. A security vulnerability exists in versions prior to META-INF Kft. Email This Issue 9.13.0-GA, which stems from the injection of a specially crafted payload into the recipient field...
CVE-2025-53834
Caido is a web security auditing toolkit. A reflected cross-site scripting (XSS) vulnerability was discovered in Caido’s toast UI component in versions prior to 0.49.0. Toast messages may reflect unsanitized user input in certain tools such as Match&Replace and Scope. This could allow an attacker t...
CVE-2025-53834 Caido Toast Vulnerable to Reflected Cross-site Scripting
Caido is a web security auditing toolkit. A reflected cross-site scripting (XSS) vulnerability was discovered in Caido’s toast UI component in versions prior to 0.49.0. Toast messages may reflect unsanitized user input in certain tools such as Match&Replace and Scope. This could allow an attacker t...
CVE-2025-53834
Caido Toast XSS (CVE-2025-53834): A reflected XSS vulnerability exists in Caido’s toast UI component in versions before 0.49.0, where unsanitized user input reflected in tools like Match&Replace and Scope can lead to arbitrary script execution. The issue is fixed in version 0.49.0. Affected produ...
Caido Cross-Site Scripting Vulnerability
Caido is an open source application designed to help security professionals and enthusiasts audit web applications efficiently and easily. A cross-site scripting vulnerability exists in versions prior to Caido 0.49.0 that stems from reflected cross-site scripting and could lead to arbitrar...
CVE-2025-30661
An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local, low-privileged user to install scripts to be executed as root, leading to privilege escalation. A local user with access to the local file system can...
CVE-2025-30661
CVE-2025-30661 affects Juniper Networks Junos OS line cards (MPC10, MPC11, LC4800, LC9600, MX304-LMIC16, SRX4700, EX9200-15C). The root cause is an incorrect permission assignment in line card script processing that lets a local, low-privilege user install scripts which are executed as root at sy...
CVE-2025-30661 Junos OS: Low-privileged user can cause script to run as root, leading to privilege escalation
An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local, low-privileged user to install scripts to be executed as root, leading to privilege escalation. A local user with access to the local file system can...
CVE-2025-41442
A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosu...