12 matches found
EUVD-2022-50305
Malicious code in bioql PyPI...
CVE-2025-5352
A critical stored Cross-Site Scripting (XSS) vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...
CVE-2025-5352 Environment Variable XSS in Analytics Component in lunary-ai/lunary
A critical stored Cross-Site Scripting (XSS) vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...
CVE-2022-47544
An issue was discovered in Siren Investigate before 12.1.7. Script variable whitelisting is insufficiently sandboxed...
Cordaware bestinformed security vulnerability
Cordaware bestinformed is a mass notification system from Cordaware, Germany. A security vulnerability exists in Cordaware bestinformed that stems from a script variable execution issue that allows an authenticated user to remotely execute code...
PT-2025-4035 · Embedai · Embedai
Name of the Vulnerable Software and Affected Versions: EmbedAI versions 2.1 and earlier Description: A Reflected Cross-Site Scripting issue has been identified, allowing an authenticated attacker to craft a malicious URL by leveraging the "/embedai/users/show/" endpoint. This enables the injectio...
CVE-2022-47544
An issue was discovered in Siren Investigate before 12.1.7. Script variable whitelisting is insufficiently sandboxed...
PT-2023-15394 · Unknown · Siren Investigate
Name of the Vulnerable Software and Affected Versions: Siren Investigate versions prior to 12.1.7 Description: An issue was discovered in Siren Investigate where script variable whitelisting is insufficiently sandboxed. Recommendations: For versions prior to 12.1.7, update to version 12.1.7 or...
CVE-2022-47544
An issue was discovered in Siren Investigate before 12.1.7. Script variable whitelisting is insufficiently sandboxed...
CVE-2022-47544
An issue was discovered in Siren Investigate before 12.1.7. Script variable whitelisting is insufficiently sandboxed...
MyBB < 1.1.1 Multiple Script Variable Overwrite
Binary data 3519.prm...
Microsoft IIS 5.0 - IISAPI Extension Enumerate Root Web Server Directory
source: https://www.securityfocus.com/bid/194/info A GET request that specifies a nonexistent file with an IISAPI-registered extension (i.e. .pl, .idq) will cause the IIS server to return an error message that includes the full path of the root web server directory. This can happen if the file is...