156 matches found
CVE-2026-44657
Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, using the showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. This vulnerability i...
CVE-2026-44657 MantisBT: Stored XSS in File Download
Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, using the showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. This vulnerability i...
EUVD-2026-33023
Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, using the showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. This vulnerability i...
Mantis Bug Tracker cross-site scripting vulnerability
Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker prior to 2.28.2 contained a cross-site scripting vulnerability. This vulnerability occurred when using the showinline=1 parameter and a valid CSRF token, allowing attackers to...
MantisBT Vulnerable to Stored XSS in File Download
Using the showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. Impact: Cross-site scripting. Patches: 26647b2e68ba30b9d7987d4e03d7a16416684bc2. Workarounds: None...
Cross-site Scripting (XSS)
Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the filedownload.php process when the showinline=1 parameter and a valid fileshowinlinetoken CSRF token are provided. An attacker can execute arbitrary JavaScript co...
PT-2026-39900
Name of the Vulnerable Software and Affected Versions: MantisBT, affected versions not specified. Description: An attacker can execute code via stored cross-site scripting (XSS) by uploading a crafted XHTML attachment that references a JavaScript attachment. This is achieved by using the 'file...
EUVD-2026-14650
The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on importpopuptemplates function as well as insufficient file type validation in the uploadfiles function in all versions up to, and including, 4.14.1. This makes it possible for Authenticat...
PT-2026-24758
Impact An attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server fileUpload.fileExtensions option. The file can contain malicious code, for example JavaScript in an SVG or XHTML file. When the file is accessed via its...
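The MantisBT entry above and this Parse Server entry describe the same failure mode: an uploaded XHTML or SVG file is served back inline, in the application's own origin, so any script it carries or references runs with the victim's session. The hardening below is an added example, not code from MantisBT or Parse Server: a server-side policy that honours an inline-display request only for non-active types, forces everything that can carry script to download as an opaque octet stream, and refuses to trust the extension when the bytes look like markup. The function and helper names, the active-type list and the sample upload are assumptions made for this example.

```python
"""
Added example (not MantisBT's or Parse Server's own code): a serving policy for
user uploads that never renders active content (HTML, XHTML, SVG, JavaScript,
XML) inline in the application's origin, even when the request asks for it.
Function names, the ACTIVE_TYPES list and the sample upload are assumptions.
"""
import mimetypes
import re

# MIME types from which a browser will execute script if they are rendered inline.
ACTIVE_TYPES = {
    "text/html",
    "application/xhtml+xml",
    "image/svg+xml",
    "application/javascript",
    "text/javascript",
    "application/xml",  # XML can pull in XHTML/SVG via namespaces or XSLT
    "text/xml",
}

# Byte prefixes that mark a file as markup regardless of its extension, so a
# renamed .txt or .png that really contains <svg> or <html> is still caught.
_MARKUP_PREFIXES = (b"<?xml", b"<!doctype", b"<html", b"<svg", b"<script")

# Constructed sample of the attack shape described in the MantisBT entry: an
# XHTML attachment whose <script src> points at a second, JavaScript attachment.
# The referenced name is illustrative, not the real application's download path.
SAMPLE_XHTML = (
    b'<?xml version="1.0"?><html xmlns="http://www.w3.org/1999/xhtml">'
    b'<script src="second-attachment.js"></script></html>'
)


def looks_like_markup(data: bytes) -> bool:
    """True if the BOM- and whitespace-stripped start of the file is markup."""
    head = data[:1024].lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    return head.startswith(_MARKUP_PREFIXES)


def header_safe_filename(name: str) -> str:
    """Drop path components, quotes and control characters before the name goes
    into Content-Disposition, so a crafted upload name cannot inject headers."""
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    name = re.sub(r'[\x00-\x1f\x7f"]', "", name)
    return name or "download"


def attachment_headers(filename: str, data: bytes, show_inline: bool) -> dict:
    """Response headers for serving a stored upload.

    Inline display is granted only to non-active types; anything that could
    carry script is served as application/octet-stream with an attachment
    disposition. nosniff stops the browser from second-guessing the declared
    type, and a sandbox CSP disables script should a response ever be
    interpreted as a document anyway (harmless for images).
    """
    declared = mimetypes.guess_type(filename)[0] or "application/octet-stream"
    active = declared in ACTIVE_TYPES or looks_like_markup(data)
    inline = show_inline and not active
    disposition = "inline" if inline else "attachment"
    return {
        "Content-Type": "application/octet-stream" if active else declared,
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox",
        "Content-Disposition": (
            f'{disposition}; filename="{header_safe_filename(filename)}"'
        ),
    }


if __name__ == "__main__":
    # Constructed uploads: a benign image, the XHTML payload, and a markup file
    # disguised with a .txt extension. All are requested with inline display.
    for name, body in [
        ("screenshot.png", b"\x89PNG\r\n\x1a\n"),
        ("poc.xhtml", SAMPLE_XHTML),
        ("notes.txt", b"  <svg onload='x'></svg>"),
    ]:
        print(name, attachment_headers(name, body, show_inline=True))
```

The decision is made per response, not at upload time, so files already stored before the policy existed are covered too; an allow-list of extensions at upload (the Parse Server fileExtensions approach) is a useful second layer but, as the entry notes, is only as good as its default list. If a product genuinely needs to render user-supplied HTML or SVG, the safe pattern is to serve it from a separate, cookieless origin rather than to relax this policy.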
CVE-2022-37307
OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature...
[SECURITY] Fedora 42 Update: roundcubemail-1.6.12-1.fc42
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
EUVD-2014-8819
Malware in sbrugna...
EUVD-2021-1654
Malware in sbrugna...
EUVD-2014-2281
Malware in sbrugna...
EUVD-2016-9928
Malware in sbrugna...
EUVD-2011-1131
Malware in sbrugna...
EUVD-2022-39943
Malicious code in bioql PyPI...
CVE-2024-13980
H3C Intelligent Management Center IMC versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...
CVE-2024-13980
CVE-2024-13980 affects H3C Intelligent Management Center (IMC) /byod/index.xhtml. The root cause is improper handling of JSF ViewState, allowing unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters and potentially achieve arbitrary command execution. Explo...