CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

863 matches found

RedhatCVE•added 2026/01/09 8:35 a.m.•20 views

CVE-2024-34707

Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the BANNERTOP, BANNERBOTTOM, and BANNERLOGIN configuration settings via the /admin/constance/config/ endpoint. Normally these settings are used to provide custom banner text at...

7.5CVSS6.2AI score0.00606EPSS

Exploits1References1

EUVD•added 2025/12/31 9:30 p.m.•3 views

EUVD-2025-206078

STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in the 'files' POST parameter that allows authenticated attackers to inject arbitrary HTML code. Attackers can exploit the unvalidated input to execute malicious scripts within a user's browser session in the context of the...

5.4CVSS5.7AI score0.00182EPSS

Exploits1References8

Cvelist•added 2025/12/19 8:5 p.m.•23 views

CVE-2025-67712 HTML injection issue in ArcGIS Web App Builder

There is an HTML injection issue in Esri ArcGIS Web AppBuilder developer edition versions prior to 2.30 that allows a remote, unauthenticated attacker to potentially entice a user to click a link that causes arbitrary HTML to render in a victim's browser. There is no evidence of JavaScript...

4.7CVSS0.00278EPSS

Exploits0References1

Drupal•added 2025/12/03 12:0 a.m.•8 views

Mini site - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-117

This module allows uploading a zip file and extracting its content in the public file directory to serve this content from a Drupal website. These zip files may contain arbitrary HTML or SVG content that could allow cross-site scripting vulnerabilities. While this is an expected feature, the modu...

5.4CVSS5.5AI score0.00148EPSS

Exploits0References2

CVE•added 2025/11/07 3:11 a.m.•31 views

CVE-2025-64187

OctoPrint versions 1.11.3 and earlier are vulnerable to XSS through Action Command notifications and prompts. A crafted file can inject arbitrary HTML/JavaScript into printer popups and notifications, potentially disrupting prints or exposing sensitive information if the user has permission. The ...

4.6CVSS6.5AI score0.00131EPSS

Exploits0References2Affected Software1

CNVD•added 2025/10/17 12:0 a.m.•3 views

Centreon cross-site scripting vulnerability (CNVD-2025-24649)

Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. Centreon cross-site scripting vulnerability , the vulnerability stems from the lack of effective...

6.8CVSS6.5AI score0.00235EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2021-25553

Malware in sbrugna...

4.8CVSS5.2AI score0.00614EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2008-3836

Malware in sbrugna...

4.3CVSS6.4AI score0.01462EPSS

Exploits0References5