
3319 matches found

RedHat Linux
added 2025/05/06 7:45 a.m., 3 views

thunderbird: Leak of hashed Window credentials via crafted attachment URL

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to...

CVSS 6.3, AI score 6.6, EPSS 0.001
Exploits 0, References 7
Veracode
added 2025/05/06 3:6 a.m., 9 views

Cross-site Scripting (XSS)

n8n is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper MIME type handling in the attachments view endpoint, allowing malicious files to be interpreted as HTML and executed in the browser...

CVSS 5.4, AI score 6.2, EPSS 0.00599
Exploits 0, References 6, Affected Software 2
CNNVD
added 2025/05/01 12:0 a.m., 1 view

Sematell ReplyOne security vulnerability

Sematell ReplyOne is an artificial intelligence-based reply management software from Sematell. A security vulnerability exists in Sematell ReplyOne version 7.4.3.0 that stems from the presence of cross-site scripting via ReplyDesk email attachment names...

CVSS 6.1, AI score 6.2, EPSS 0.00181
Exploits 1, References 1
Cvelist
added 2025/04/30 6:27 p.m., 19 views

CVE-2025-46554 XWiki missing authorization when accessing the wiki level attachments list and metadata via REST API

XWiki is a generic wiki platform. In versions starting from 1.8.1 to before 14.10.22, from 15.0-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.7.0, anyone can access the metadata of any attachment in the wiki using the wiki attachment REST endpoint...

CVSS 5.3, EPSS 0.00067
Exploits 1, References 5
Vulnrichment
added 2025/04/29 4:35 a.m., 9 views

CVE-2025-46343 n8n Vulnerable to Stored XSS through Attachments View Endpoint

n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting XSS through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no restriction on the MIME typ...

CVSS 5, AI score 4.7, EPSS 0.00599
Exploits 0, References 4
Cvelist
added 2025/04/29 4:35 a.m., 19 views

CVE-2025-46343 n8n Vulnerable to Stored XSS through Attachments View Endpoint

n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting XSS through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no restriction on the MIME typ...

CVSS 5, EPSS 0.00599
Exploits 0, References 4
OSV
added 2025/04/29 4:35 a.m., 7 views

CVE-2025-46343 n8n Vulnerable to Stored XSS through Attachments View Endpoint

n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting XSS through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no restriction on the MIME typ...

CVSS 5, AI score 5.3, EPSS 0.00599
Exploits 0, References 6
IBM Security Bulletins
added 2025/04/29 2:26 a.m., 96 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-39077 DESCRIPTION: IBM Security Guardium stores user credentials in plain clear text which can be read by a local privileged user. CVSS Base score: 4.4 CVSS Temporal Score: See:...

CVSS 10, AI score 10, EPSS 0.15391
Exploits 3, Affected Software 1
Hacker One
added 2025/04/25 7:8 a.m., 9 views

Nextcloud: Calendar attachments of local files are offered to downloaded

A security vulnerability in calendar attachments of local files was discovered, where users were offered to download the attachments...

CVSS 5.7, AI score 6.6, EPSS 0.00024
Exploits 0
SUSE CVE
added 2025/04/20 11:25 p.m., 1 view

SUSE CVE-2017-2645

In Moodle 3.x, XSS can occur via attachments to evidence of prior learning...

CVSS 6.1, AI score 6.4, EPSS 0.00285
Exploits 0, References 3
RedhatCVE
added 2025/04/17 4:8 p.m., 6 views

CVE-2025-3523

When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...

CVSS 6.4, AI score 6.5, EPSS 0.00106
Exploits 0, References 6
SUSE CVE
added 2025/04/17 1:35 a.m., 1 view

SUSE CVE-2025-3523

When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...

CVSS 6.4, AI score 6.6, EPSS 0.00106
Exploits 0, References 8
NVD
added 2025/04/15 3:16 p.m., 7 views

CVE-2025-3523

When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...

CVSS 6.4, EPSS 0.00106
Exploits 0, References 3
OSV
added 2025/04/15 3:16 p.m., 5 views

CVE-2025-3523

When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...

CVSS 6.4, AI score 6.8
Exploits 0, References 3
OSV
added 2025/04/15 3:16 p.m., 11 views

CVE-2025-3522

Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validate...

CVSS 6.3, AI score 6.9
Exploits 0, References 3
AlpineLinux
added 2025/04/15 3:16 p.m., 1 view

CVE-2025-3523

When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...

CVSS 6.4, AI score 7, EPSS 0.00106
Exploits 0, References 3
OSV
added 2025/04/15 3:16 p.m., 0 views

UBUNTU-CVE-2025-3523

When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...

CVSS 6.4, AI score 6.6, EPSS 0.00106
Exploits 0, References 7
CVE
added 2025/04/15 3:6 p.m., 108 views

CVE-2025-3523

Vulnerability in Thunderbird where the X-Mozilla-External-Attachment-URL header is processed such that only the last external link is shown on hover for multi-attachment messages. The hover text can mislead users into downloading content from untrusted sources, while the correct link is used on c...

CVSS 6.4, AI score 6.6, EPSS 0.00106
Exploits 0, References 3, Affected Software 1
Debian CVE
added 2025/04/15 3:6 p.m., 4 views

CVE-2025-3523

When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...

CVSS 6.4, AI score 6.3, EPSS 0.00106
Exploits 0
Cvelist
added 2025/04/15 3:6 p.m., 13 views

CVE-2025-3523 User Interface (UI) Misrepresentation of attachment URL

When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...

EPSS 0.00106
Exploits 0, References 3