CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/04/27 3:11 p.m.•19 views

CVE-2026-41467 ProjeQtor < 12.4.4 Stored XSS via checkValidFileName()

ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the file upload functionality where the checkValidFileName function fails to restrict HTML and HTM file uploads. Authenticated attackers can upload HTML files containing arbitrary JavaScript through the...

5.4CVSS0.00036EPSS

Exploits0References4

Vulnrichment•added 2026/04/27 3:11 p.m.•1 views

CVE-2026-41467 ProjeQtor < 12.4.4 Stored XSS via checkValidFileName()

5.4CVSS5.1AI score0.00036EPSS

Exploits0References4

Vulnrichment•added 2026/04/27 2:21 p.m.•1 views

CVE-2026-40514 SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...

8.2CVSS5.5AI score0.00035EPSS

Cvelist•added 2026/04/27 2:21 p.m.•29 views

CVE-2026-40514 SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG

8.2CVSS0.00035EPSS

Positive Technologies•added 2026/04/27 12:0 a.m.•1 views

PT-2026-35434

8.2CVSS5.5AI score0.00035EPSS

Vulnrichment•added 2026/04/13 8:32 p.m.•1 views

CVE-2026-33659 EspoCRM: SSRF via DNS Rebinding in Attachment fromImageUrl Endpoint Allows Internal Network Access

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery SSRF via a DNS rebinding TOCTOU condition. Host validation uses dnsgetrecord but the actual HTTP...

3.5CVSS6.4AI score0.00057EPSS

Exploits1References3

NVD•added 2026/03/19 12:16 a.m.•2 views

CVE-2026-32255

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...

8.6CVSS0.00062EPSS

CNNVD•added 2026/03/19 12:0 a.m.•3 views

kan 代码问题漏洞

Kan is an open-source project management tool developed by kanbn. Versions of Kan 0.5.4 and earlier contained code vulnerabilities. These vulnerabilities stemmed from the lack of authentication and URL validation in the/api/download/attatchment endpoint, allowing unauthenticated attackers to send...

8.6CVSS5.9AI score0.00062EPSS

CVE•added 2026/03/18 11:11 p.m.•16 views

CVE-2026-32255

Kan is vulnerable to unauthenticated SSRF via /api/download/attatchment in versions 0.5.4 and earlier. The endpoint accepts a user-supplied URL query parameter, passes it server-side to fetch(), and returns the full response body without authentication or URL validation. An unauthenticated attack...

8.6CVSS5.8AI score0.00062EPSS

Exploits0References3Affected Software1

Hacker One•added 2026/03/09 1:57 p.m.•8 views

Nextcloud: Stored XSS in attachment-display exploitable through SameSite

A stored XSS vulnerability was discovered in the attachment-display feature of Roundcube. By uploading an HTML file and opening it through the display-attachment endpoint, the embedded script could execute under the Roundcube origin. The issue was caused by the lack of a restrictive Content...

5.8AI score

Exploits0

CNNVD•added 2026/02/04 12:0 a.m.•2 views

Group Office 操作系统命令注入漏洞

Group Office is a modular office suite developed by the Dutch company Group Office. Versions of Group Office prior to 6.8.150, 25.0.82, and 26.0.5 contained an operating system command injection vulnerability. This vulnerability stemmed from improper parameter concatenation in the...

9.4CVSS5.8AI score0.23825EPSS

Exploits2References2

CVE•added 2025/12/17 6:36 a.m.•7 views

CVE-2025-13750

Technical details for CVE-2025-13750 are not publicly available in the provided documents. Monitor for updates from official advisories to confirm affected versions, impact, and remediation.

4.3CVSS4.9AI score0.00036EPSS

RedhatCVE•added 2025/12/10 6:13 p.m.•3 views

CVE-2025-41066

Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to ‘/imp/attachment.php’ including the parameters ‘id’ and ‘u’. If the...

6.9CVSS6.9AI score0.0005EPSS

EUVD•added 2025/12/02 3:30 p.m.•3 views

EUVD-2025-200240

6.9CVSS6.4AI score0.0005EPSS

OSV•added 2025/12/02 2:16 p.m.•5 views

DEBIAN-CVE-2025-41066

5.3CVSS5.4AI score0.0005EPSS

OSV•added 2025/12/02 2:16 p.m.•3 views

CVE-2025-41066

5.3CVSS6.9AI score

OSV•added 2025/12/02 2:16 p.m.•2 views

UBUNTU-CVE-2025-41066

6.9CVSS5.8AI score0.0005EPSS

Debian CVE•added 2025/12/02 2:1 p.m.•4 views

CVE-2025-41066

6.9CVSS5.4AI score0.0005EPSS

Exploits0

NVD•added 2025/11/29 4:15 a.m.•3 views

CVE-2025-66290

OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the application’s recruitment attachment retrieval endpoint does not enforce the required authorization checks before serving candidate files. Even users restricted to ESS-level access, who have no...

5.3CVSS0.00033EPSS