CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

EUVD•added 2026/05/02 3:0 p.m.•3 views

EUVD-2026-26798

A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be...

7.5CVSS5.2AI score0.00058EPSS

Exploits0References5

RedhatCVE•added 2026/01/09 10:42 a.m.•7 views

CVE-2022-26332

Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field...

5.4CVSS5.5AI score0.00195EPSS

Exploits1References1

CNNVD•added 2024/05/03 12:0 a.m.•3 views

Unified Automation UaGateway 安全漏洞

Unified Automation UaGateway is a high performance wrapper/proxy from Unified Automation programmed in C++. A security vulnerability exists in Unified Automation UaGateway that stems from a specific flaw in the implementation of the AddServer method that allows an attacker to create a denial of...

5.8CVSS5.7AI score0.01045EPSS

Exploits0References3

Github Security Blog•added 2022/03/02 12:0 a.m.•23 views

Cross-site Scripting in Cipi

Cipi 3.1.15 allows Add Server stored cross-site scripting via the /api/servers name field...

5.4CVSS3.3AI score0.00195EPSS

Exploits1References4Affected Software1

OSV•added 2022/03/02 12:0 a.m.•20 views

GHSA-VPMW-77VM-4MJG Cross-site Scripting in Cipi

Cipi 3.1.15 allows Add Server stored cross-site scripting via the /api/servers name field...

5.4CVSS5.2AI score0.00195EPSS

Exploits1References4

GitLab Advisory Database•added 2022/03/02 12:0 a.m.•22 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field...

5.4CVSS3.2AI score0.00195EPSS

Exploits1References4Affected Software1

OSV•added 2022/03/01 1:15 a.m.•11 views

CVE-2022-26332

Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field...

5.4CVSS5.2AI score

Exploits0References2

NVD•added 2022/03/01 1:15 a.m.•9 views

CVE-2022-26332

Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field...

5.4CVSS0.00195EPSS

Exploits1References2

Prion•added 2022/03/01 1:15 a.m.•4 views

Cross site scripting

Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field...

3.5CVSS5.1AI score0.00195EPSS

Exploits1References2Affected Software1

CVE•added 2022/03/01 12:46 a.m.•105 views

CVE-2022-26332

CVE-2022-26332 affects Cipi 3.1.15 and enables stored XSS in the /api/servers name field. Multiple sources (NVD entry, Red Hat advisory, Veracode/GHSA, OSV, GITLAB file) confirm a stored XSS condition arising from unsafely accepted input for adding a server, enabling injection of arbitrary JavaSc...

5.4CVSS5.1AI score0.00195EPSS

Exploits1References2Affected Software1

CNVD•added 2018/12/06 12:0 a.m.•1 views

DomainMOD cross-site scripting vulnerability (CNVD-2019-07969)

DomainMOD is an open source application for managing your domain names and other Internet assets in a central location. A cross-site scripting vulnerability exists in DomainMOD versions 4.11.01 and earlier, which can be exploited by an attacker via the admin/dw/add-server.php DisplayName, HostNam...

4.8CVSS8.1AI score0.01183EPSS

Exploits5References1

OSV•added 2017/10/27 4:29 p.m.•0 views

UBUNTU-CVE-2017-15924

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the addserver, buildconfig, and constructcommandline functions...

7.8CVSS5.8AI score0.00451EPSS

Exploits1References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by