CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3301 matches found

Cvelist•added 2024/11/11 7:6 a.m.•32 views

CVE-2024-11019 Grand Vice info Webopac7 - Reflected XSS

Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques...

6.1CVSS0.00324EPSS

Exploits0References2

Vulnrichment•added 2024/11/11 12:0 a.m.•13 views

CVE-2024-46962

The SYQ com.downloader.video.fast aka Master Video Downloader application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.video.fast.SpeedMainAct component...

7.6AI score0.00377EPSS

Exploits0References2

CNNVD•added 2024/11/11 12:0 a.m.•3 views

SYQ com.downloader.video.fast 安全漏洞

SYQ com.downloader.video.fast SYQ Master Video Downloader is a video downloader from SYQ Inc. A security vulnerability exists in SYQ com.downloader.video.fast Master Video Downloader version 2.0 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary JavaScript code...

9.1CVSS7.3AI score0.00377EPSS

Exploits0References1

CNNVD•added 2024/11/11 12:0 a.m.•2 views

DS Browsers allvideo.downloader.browser 安全漏洞

DS Browsers allvideo.downloader.browser DS Browsers Fast Video Downloader: Browser is a video downloader from DS Browsers. A security vulnerability exists in DS Browsers allvideo.downloader.browser Fast Video Downloader: Browser version 1.6-RC1 and earlier versions. An attacker can exploit this...

5.4CVSS7.3AI score0.00235EPSS

Exploits0References1

Positive Technologies•added 2024/11/11 12:0 a.m.•3 views

PT-2024-34350 · Axigen · Axigen Mail Server

Name of the Vulnerable Software and Affected Versions: Axigen Mail Server versions prior to 10.5.29 Description: The issue concerns persistent and reflected XSS vulnerabilities in the themeMode cookie and h URL parameter. This could allow attackers to execute arbitrary Javascript, potentially...

6.1CVSS7AI score0.00235EPSS

Exploits0References4

Positive Technologies•added 2024/11/11 12:0 a.m.•2 views

PT-2024-16710 · Grand Vice Info · Webopac

Name of the Vulnerable Software and Affected Versions: Webopac from Grand Vice info affected versions not specified Description: The issue is a Stored Cross-site Scripting vulnerability, allowing remote attackers with regular privileges to inject arbitrary JavaScript code into the server. When...

5.4CVSS6.5AI score0.00279EPSS

Exploits0References12

Positive Technologies•added 2024/11/07 12:0 a.m.•3 views

PT-2024-32302 · Winshot · Winshot

Name of the Vulnerable Software and Affected Versions: Inshot com.downloader.privatebrowser aka Video Downloader - XDownloader versions 1.3.5 and earlier Description: The issue allows an attacker to execute arbitrary JavaScript code via the com.downloader.privatebrowser.activity.PrivateMainActivi...

8.1CVSS7.3AI score0.00395EPSS

Exploits0References5

CNNVD•added 2024/11/07 12:0 a.m.•3 views

ASD Dev Video Player HD Video Downloader 安全漏洞

ASD Dev Video Player HD Video Downloader is a video downloader from ASD Dev Video Player, Inc. A security vulnerability exists in ASD Dev Video Player HD Video Downloader version 7.0.129 and earlier, which originates from a vulnerability that allows attackers to execute arbitrary JavaScript code...

8.8CVSS7.4AI score0.00449EPSS

Exploits0References1

CVE•added 2024/11/04 12:0 a.m.•58 views

CVE-2024-30618

CVE-2024-30618 is a Stored XSS in Chamilo LMS 1.11.26 triggered by a malicious payload in the content parameter of group_topics.php. Impact is to execute JavaScript in a victim’s browser (confidentiality/integrity) with network access and user interaction required. Root cause is insufficient inpu...

6.1CVSS6AI score0.00381EPSS

Exploits1References2Affected Software1

CNNVD•added 2024/11/04 12:0 a.m.•2 views

Chamilo LMS 安全漏洞

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS version 1.11.26, which stems...

6.1CVSS6.4AI score0.00381EPSS

Exploits1References2

NVD•added 2024/10/30 6:15 p.m.•12 views

CVE-2024-42041

The com.videodownload.browser.videodownloader aka AppTool-Browser-Video All Video Downloader application 20-30.05.24 for Android allows an attacker to execute arbitrary JavaScript code via the acr.browser.lightning.DefaultBrowserActivity component...

8.1CVSS0.00339EPSS

Exploits0References1

Cvelist•added 2024/10/30 12:0 a.m.•12 views

CVE-2024-31972

EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct stored XSS attacks that could lead to arbitrary JavaScript code execution under the context of the user's session via the Wi-Fi SSID input fields. Web scripts embedded into the vulnerable fields this way are executed immediate...

0.00431EPSS

Exploits0References1

Cvelist•added 2024/10/30 12:0 a.m.•14 views

CVE-2024-42041

0.00339EPSS

Exploits0References1

CNNVD•added 2024/10/30 12:0 a.m.•2 views

EnGenius ESR580 安全漏洞

The EnGenius ESR580 is a series of wireless access points from EnGenius. A security vulnerability exists in the EnGenius ESR580 that originates from allowing remote attackers to conduct a stored cross-site scripting attack via the Wi-Fi SSID input field, which can lead to arbitrary JavaScript cod...

4.3CVSS6.6AI score0.00431EPSS

Exploits0References1

CNNVD•added 2024/10/30 12:0 a.m.•3 views

Video Downloader 安全漏洞

Video Downloader is a video downloading application. A security vulnerability exists in Video Downloader version 20-30.05.24. An attacker can exploit this vulnerability to execute arbitrary JavaScript code via the acr.browser.lightning.DefaultBrowserActivity component...

8.1CVSS7.4AI score0.00339EPSS

Exploits0References1

Vulnrichment•added 2024/10/30 12:0 a.m.•8 views

CVE-2024-42041

7.6AI score0.00339EPSS

Exploits0References1

Positive Technologies•added 2024/10/29 12:0 a.m.•2 views

PT-2024-31656

Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 1.10.0 through 1.27.0 Apache NiFi versions 2.0.0-M1 through 2.0.0-M3 Description: The vulnerability allows an authenticated user, authorized to configure a Parameter Context, to enter arbitrary JavaScript code in the...

5.1CVSS5.8AI score0.00646EPSS

Exploits0References16

RedHat Linux•added 2024/10/28 12:58 a.m.•48 views

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

9.8CVSS7.6AI score0.0937EPSS

Exploits2References13

Github Security Blog•added 2024/10/24 6:13 p.m.•20 views

OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project

Summary The built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an error with an attacker-influenced message. It appears that the only way to reach this...

6.1CVSS6.9AI score0.00487EPSS

Exploits1References5Affected Software1

Github Security Blog•added 2024/10/24 6:0 p.m.•26 views

OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand

Summary The export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page that submits a form POST that contains embedded JavaScript code. This code would then ...

8.1CVSS7.4AI score0.00361EPSS

Exploits1References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by