
372 matches found

CNNVD
added 6 days ago | 6 views

WWBN AVideo Security Vulnerability

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of the view/update.php script, which read $_POST['updateFile'] as a relative path under the...

6.9 CVSS | 5.8 AI score | 0.0006 EPSS
Exploits: 1 | References: 1
Vulnrichment
added 2026/05/25 2:15 p.m. | 3 views

CVE-2018-25378 Notebook Pro 2.0 Denial of Service via Notebook Name Field

Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Attackers can create a malicious text file containing 500 or more characters, paste the content into the New Noteboo...

6.9 CVSS | 5.8 AI score | 0.00017 EPSS
Exploits: 0 | References: 2
CVE
added 2026/05/25 2:15 p.m. | 16 views

CVE-2018-25378

Notebook Pro 2.0 is affected by a local denial-of-service vulnerability in the New Notebook Name field. An attacker can crash the application by supplying a string of 500+ characters, e.g., via a crafted text file pasted into the name field and attempting to create/save the notebook. The vulnerab...

6.9 CVSS | 5.8 AI score | 0.00017 EPSS
Exploits: 0 | References: 2
CNNVD
added 2026/05/20 12:0 a.m. | 4 views

react-doc-viewer Cross-Site Scripting Vulnerability

react-doc-viewer is a React documentation viewer component developed by Damian Cyntler. Version 1.17.1 of react-doc-viewer contains a cross-site scripting vulnerability. This vulnerability arises from the TXTRenderer component failing to clean up file content and explicitly converting raw data in...

6.1 CVSS | 5.9 AI score | 0.00014 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/20 12:0 a.m. | 6 views

CVE-2026-30691

Cross-Site Scripting XSS vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode...

6.1 CVSS | 6.1 AI score | 0.00014 EPSS
Exploits: 0 | References: 3
Cvelist
added 2026/05/20 12:0 a.m. | 32 views

CVE-2026-30691

Cross-Site Scripting XSS vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode...

0.00014 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/20 12:0 a.m. | 5 views

PT-2026-42214

Name of the Vulnerable Software and Affected Versions @cyntler/react-doc-viewer version 1.17.1 Description A Cross-Site Scripting XSS issue exists where remote attackers can execute arbitrary JavaScript by using a crafted .txt file. This occurs because the TXTRenderer component does not sanitize...

6.1 CVSS | 6 AI score | 0.00014 EPSS
Exploits: 0 | References: 5
OSV
added 2026/05/01 2:14 p.m. | 1 views

MAL-2026-3213 Malicious code in funkratov-renderkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 78b5f3b4a8756df49b4a5eb41647e9dd20328da005f95869f81447355e2f7880 Package is prepared to exfiltrate .log and .txt files to the target already associated with exfiltrating sensitive data. --- Category: MALICIOUS - The campaign...

5.9 AI score
Exploits: 0 | References: 4
Debian CVE
added 2026/05/01 12:0 a.m. | 5 views

CVE-2026-42476

Two heap-based out-of-bounds read vulnerabilities in the STL ASCII file parser in Open CASCADE Technology OCCT V8_0_0_rc5 exist in RWStl_Reader::ReadAscii because buffers returned by Standard_ReadLineBuffer::ReadLine are not properly length-validated before strncasecmp or direct byte access...

7.1 CVSS | 5.8 AI score | 0.00014 EPSS
Exploits: 0
NVD
added 2026/04/26 10:17 p.m. | 1 views

CVE-2018-25274

InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Attackers can create a text file containing 6000 bytes of data and import it through the Edit menu's Import function to trigger an...

6.9 CVSS | 0.00018 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/04/26 1:19 p.m. | 3 views

EUVD-2018-21794

InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Attackers can create a text file containing 6000 bytes of data and import it through the Edit menu's Import function to trigger an...

6.9 CVSS | 5.3 AI score | 0.00018 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/04/26 1:19 p.m. | 0 views

CVE-2018-25274

InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Attackers can create a text file containing 6000 bytes of data and import it through the Edit menu's Import function to trigger an...

6.9 CVSS | 5.2 AI score | 0.00018 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/04/26 1:19 p.m. | 4 views

CVE-2018-25274 InfraRecorder 0.53 Denial of Service via txt File Import

InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Attackers can create a text file containing 6000 bytes of data and import it through the Edit menu's Import function to trigger an...

6.9 CVSS | 5.2 AI score | 0.00018 EPSS
Exploits: 0 | References: 2
CVE
added 2026/04/26 1:19 p.m. | 5 views

CVE-2018-25274

CVE-2018-25274 affects InfraRecorder 0.53. A Denial of Service vulnerability allows a local attacker to crash the application by importing a crafted text file. Specifically, a 6000-byte text file imported via the Edit → Import function can trigger the crash. The connected documents confirm the loc...

6.9 CVSS | 5.3 AI score | 0.00018 EPSS
Exploits: 0 | References: 2
Cvelist
added 2026/04/26 1:19 p.m. | 27 views

CVE-2018-25274 InfraRecorder 0.53 Denial of Service via txt File Import

InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Attackers can create a text file containing 6000 bytes of data and import it through the Edit menu's Import function to trigger an...

6.9 CVSS | 0.00018 EPSS
Exploits: 0 | References: 2
CNNVD
added 2026/04/26 12:0 a.m. | 5 views

InfraRecorder Security Vulnerability

InfraRecorder is a tool software developed by InfraRecorder Inc. designed for burning discs and creating disc images. Version 0.53 of InfraRecorder contains a security vulnerability. This vulnerability stems from a denial-of-service attack when importing malicious text files. It is possible for...

6.9 CVSS | 5.8 AI score | 0.00018 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/04/20 7:23 p.m. | 3 views

CVE-2026-41253

In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, such as a pathname with an initial ace/c+ substring, aka "hypothetical in-band...

7.8 CVSS | 6.2 AI score | 0.00006 EPSS
Exploits: 1 | References: 1
NVD
added 2026/04/18 6:16 a.m. | 0 views

CVE-2026-41253

In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, such as a pathname with an initial ace/c+ substring, aka "hypothetical in-band...

7.8 CVSS | 0.00006 EPSS
Exploits: 1 | References: 4
Vulnrichment
added 2026/04/18 5:27 a.m. | 0 views

CVE-2026-41253

In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, such as a pathname with an initial ace/c+ substring, aka "hypothetical in-band...

6.9 CVSS | 6.2 AI score | 0.00006 EPSS
Exploits: 1 | References: 4
CVE
added 2026/04/18 5:27 a.m. | 13 views

CVE-2026-41253

Affected software: iTerm2 versions up to 3.6.9 (with notes in Red Hat and EU sources also referencing iTerm2 < 3.6.10 and

7.8 CVSS | 6.2 AI score | 0.00006 EPSS
Exploits: 1 | References: 4 | Affected Software: 1