
10 matches found

Veracode
added 2026/01/16 1:21 p.m. · 4 views

Type Confusion

Preact is vulnerable to Type Confusion. The vulnerability is due to weakened JSON serialization protections that allow specially crafted JSON objects to be treated as valid Virtual DOM nodes, which allows an attacker to inject malicious HTML or scripts when untrusted data is rendered without prop...

CVSS 9.2 · AI score 5.5 · EPSS 0.00081
Exploits: 1 · References: 4 · Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2019-7032

Malware in sbrugna...

CVSS 6.1 · AI score 7.2 · EPSS 0.00821
Exploits: 0 · References: 9
EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2022-24542

Malicious code in bioql PyPI...

CVSS 7.8 · AI score 7.7 · EPSS 0.00307
Exploits: 2 · References: 1
Positive Technologies
added 2025/07/27 12:0 a.m. · 2 views

PT-2025-31031 · Unknown · Projectworlds Online Admission System

Name of the Vulnerable Software and Affected Versions: Projectworlds Online Admission System version 1.0 Description: A critical issue exists in Projectworlds Online Admission System. The vulnerability allows for remote SQL injection through manipulation of the markof argument within the /admin.p...

CVSS 8.8 · AI score 6.8 · EPSS 0.00224
Exploits: 1 · References: 7
Github Security Blog
added 2025/04/07 4:38 p.m. · 6 views

tarteaucitron.js allows UI manipulation via unrestricted CSS injection

A vulnerability was identified in tarteaucitron.js, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code or a CMS plugin to set values like 100%;height:100%;position:fixed;,...

CVSS 6.6 · AI score 7.2 · EPSS 0.00153
Exploits: 0 · References: 4 · Affected Software: 1
Positive Technologies
added 2025/03/20 12:0 a.m. · 4 views

PT-2025-12119 · Unknown · Imartinez/Privategpt

Name of the Vulnerable Software and Affected Versions: imartinez/privategpt version v0.6.2 Description: A Denial of Service (DoS) vulnerability exists in the file upload feature. The issue is due to improper handling of form-data with a large filename in the file upload request. An attacker can...

CVSS 7.5 · AI score 7.3 · EPSS 0.00529
Exploits: 1 · References: 5
Positive Technologies
added 2024/11/14 12:0 a.m. · 1 views

PT-2024-35211 · Unknown · Do That Task

Name of the Vulnerable Software and Affected Versions: Do That Task versions 1.5.5 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can be exploited to gain unauthorized access to the...

CVSS 10 · AI score 9.8 · EPSS 0.00888
Exploits: 0 · References: 6
Veracode
added 2024/05/08 6:1 a.m. · 14 views

Cross-Site Scripting (XSS)

yab/quarx is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input validation and sanitization in several components including Blog Title, FAQ Question, Pages Title, Widgets Name, and Menus Name...

CVSS 6.1 · AI score 6.5 · EPSS 0.00234
Exploits: 2 · References: 5 · Affected Software: 1
OSV
added 2022/09/16 9:15 a.m. · 0 views

CVE-2022-2798

The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data...

CVSS 8 · AI score 5.8
Exploits: 0 · References: 1
OSV
added 2019/09/11 2:15 p.m. · 1 views

DEBIAN-CVE-2019-16220

In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash...

CVSS 6.1 · AI score 6.9 · EPSS 0.00821
Exploits: 0 · References: 1