CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Name of the Vulnerable Software and Affected Versions PAD CMS affected versions not specified Description PAD CMS is susceptible to Reflected Cross-Site Scripting XSS in the printing and save to PDF features. An attacker can create a specially crafted URL that, when opened by a user, leads to the...

10CVSS5.9AI score0.00868EPSS

Exploits0References4

CVE•added 2025/09/29 6:35 p.m.•8 views

CVE-2025-57875

CVE-2025-57875 affects Esri Portal for ArcGIS

4.8CVSS6.2AI score0.00028EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/09/24 7:34 p.m.•2 views

CVE-2025-59430

Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. Prior to version 3.3.2, the lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. This is technically...

8.2CVSS7AI score0.00054EPSS

Exploits0References1

Positive Technologies•added 2025/09/22 12:0 a.m.•1 views

PT-2025-39033

Name of the Vulnerable Software and Affected Versions Mesh Connect JS SDK versions prior to 3.3.2 Description Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. A lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrar...

8.2CVSS6.9AI score0.00054EPSS

Exploits0References10

Snyk•added 2025/09/18 1:2 p.m.•2 views

Prototype Pollution

Overview expr-eval-fork is a Mathematical expression evaluator fork with prototype pollution fix Affected versions of this package are vulnerable to Prototype Pollution via the evaluation process, which accesses global values by searching for item.value in expr.functions. An attacker can access...

9.8CVSS8.1AI score0.00056EPSS

Exploits1References2

OSV•added 2025/09/09 5:16 p.m.•0 views

CVE-2025-57538

A stored cross-site scripting XSS vulnerability in the HTTP Proxy field within the Datacenter configuration panel of Proxmox Virtual Environment PVE 8.4 allows an authenticated user to inject malicious input. The input is stored and executed in the context of other users' browsers when they view...

5.4CVSS5.7AI score

Exploits0References3

Cvelist•added 2025/09/09 12:0 a.m.•4 views

CVE-2025-57538

0.00085EPSS

Exploits1References3

RedhatCVE•added 2025/08/22 7:36 a.m.•3 views

CVE-2025-9225

Stored cross-site scripting XSS in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser...

5.5CVSS6.1AI score0.00076EPSS

Exploits0References1

CVE•added 2025/08/05 8:3 p.m.•14 views

CVE-2012-10032

Maxthon3 before version 3.3 is vulnerable to cross-context scripting (XCS) via the about:history page. The trusted zone may execute injected script content with privileged context, enabling modification of browser configuration and execution of arbitrary code through Maxthon’s exposed DOM APIs (e...

8.7CVSS6.1AI score0.67787EPSS

Exploits0References6

OSV•added 2025/08/01 6:31 p.m.•6 views

GHSA-MVJ3-HC7J-VP74 Microweber has Reflected XSS Vulnerability in the layout Parameter

Reflected Cross-Site Scripting XSS in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users...

6.1CVSS5.5AI score0.00218EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by