
10 matches found

OSV
added 2026/01/13 11:15 p.m., 1 views

CVE-2022-50908

Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation...

CVSS 7.2, AI score 5.9, EPSS 0.00055
Exploits 0, References 4
CVE
added 2026/01/13 10:51 p.m., 8 views

CVE-2022-50908

MailHog 1.0.1 is affected by a stored XSS vulnerability in attachments that allows execution of arbitrary API calls (e.g., message deletion, browser manipulation) when a crafted email is processed. Technical details from multiple sources indicate the issue stems from improper handling of attachme...

CVSS 7.2, AI score 5.6, EPSS 0.00055
Exploits 0, References 4
CNNVD
added 2026/01/13 12:0 a.m., 6 views

MailHog cross-site scripting vulnerability

MailHog is an open source SMTP protocol testing tool. MailHog version 1.0.1 suffers from a stored cross-site scripting vulnerability, which could lead to an attacker injecting malicious scripts and executing arbitrary API calls via email attachments...

CVSS 7.2, AI score 5.8, EPSS 0.00055
Exploits 0, References 5
Veracode
added 2025/12/13 4:46 a.m., 3 views

Cross-Site Request Forgery (CSRF)

Liferay Portal is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper validation of requests in the Headless API endpoint parameter, which allows a remote attacker to execute arbitrary Headless API calls by crafting a malicious request...

CVSS 7, AI score 6.1, EPSS 0.00023
Exploits 0, References 3, Affected Software 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2012-4430

Malware in sbrugna...

CVSS 10, AI score 6.6, EPSS 0.02729
Exploits 0, References 4
RedhatCVE
added 2025/05/22 2:33 a.m., 6 views

CVE-2012-4501

Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs...

CVSS 10, AI score 7.2, EPSS 0.02729
Exploits 0, References 1
RedhatCVE
added 2023/03/01 6:30 p.m., 36 views

CVE-2023-0507

A flaw was found in the GeoMap Grafana plugin, where a user can store unsanitized HTML in the GeoMap plugin under the Attribution text field, and the client will process it. The vulnerability makes it possible to use XHR to make arbitrary API calls on behalf of the attacked user. This means that ...

CVSS 7.3, AI score 5.6, EPSS 0.60579
Exploits 0, References 4
NVD
added 2012/10/26 10:39 a.m., 12 views

CVE-2012-4501

Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs...

CVSS 10, AI score 6.8, EPSS 0.02729
Exploits 0, References 3
Prion
added 2012/10/26 10:39 a.m., 13 views

Code injection

Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs...

CVSS 10, AI score 7.4, EPSS 0.02729
Exploits 0, References 3
Cvelist
added 2012/10/26 10:0 a.m., 15 views

CVE-2012-4501

Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs...

AI score 6.8, EPSS 0.02729
Exploits 0, References 3