28 matches found
EUVD-2026-33055
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privilege user to execute arbitrary JavaScript in an administrator's browser session. This affects instances configured with SSO/OAuth...
LinkAce Cross-Site Scripting Vulnerability
LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.6 had a cross-site scripting vulnerability. The vulnerability is a stored cross-site scripting flaw. Low-privilege users could se...
CVE-2021-47967 PHP Timeclock 1.04 Multiple Cross-Site Scripting via Parameters
PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow unauthenticated attackers to inject arbitrary JavaScript by manipulating URL paths and POST parameters. Attackers can append malicious payloads to login.php, timeclock.php, audit.php, and timerpt.php endpoints, o...
EUVD-2022-4924
Malicious code in bioql PyPI...
EUVD-2024-44564
Malicious code in bioql PyPI...
CVE-2025-59424
LinkAce is a self-hosted archive to collect website links. Prior to 2.3.1, a Stored Cross-Site Scripting (XSS) vulnerability has been identified on the /system/audit page. The application fails to properly sanitize the username field before it is rendered in the audit log. An authenticated attacker...
CVE-2025-59424
LinkAce is a self-hosted archive to collect website links. Prior to 2.3.1, a Stored Cross-Site Scripting (XSS) vulnerability has been identified on the /system/audit page. The application fails to properly sanitize the username field before it is rendered in the audit log. An authenticated attacker...
CVE-2025-59424 LinkAce Vulnerable to Stored XSS on the Audit Page
LinkAce is a self-hosted archive to collect website links. Prior to 2.3.1, a Stored Cross-Site Scripting (XSS) vulnerability has been identified on the /system/audit page. The application fails to properly sanitize the username field before it is rendered in the audit log. An authenticated attacker...
CVE-2025-59424 LinkAce Vulnerable to Stored XSS on the Audit Page
LinkAce is a self-hosted archive to collect website links. Prior to 2.3.1, a Stored Cross-Site Scripting (XSS) vulnerability has been identified on the /system/audit page. The application fails to properly sanitize the username field before it is rendered in the audit log. An authenticated attacker...
CVE-2025-59424 LinkAce Vulnerable to Stored XSS on the Audit Page
LinkAce is a self-hosted archive to collect website links. Prior to 2.3.1, a Stored Cross-Site Scripting (XSS) vulnerability has been identified on the /system/audit page. The application fails to properly sanitize the username field before it is rendered in the audit log. An authenticated attacker...
CVE-2024-4456
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page...
CVE-2022-38617
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:jid97 parameter at /SVFE2/pages/audit/voiceaudit.jsf...
CVE-2020-11823
In Dolibarr 10.0.6, if USERLOGINFAILED is active, there is a stored XSS vulnerability on the admin tools -- audit page. This may lead to stealing of the admin account...
BIT-DOLIBARR-2020-11823
In Dolibarr 10.0.6, if USERLOGINFAILED is active, there is a stored XSS vulnerability on the admin tools -- audit page. This may lead to stealing of the admin account...
CVE-2024-4456
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page...
CVE-2024-4456
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page...
CVE-2024-4456
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page...
CVE-2024-4456
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page...
PT-2024-31182 · Unknown · Octopus Server
Name of the Vulnerable Software and Affected Versions: Octopus Server (affected versions not specified). Description: The issue allows an attacker to embed a Cross-Site Scripting payload on the audit page in affected versions of Octopus Server, given certain access levels. Recommendations: At the...
Octopus Server Security Vulnerability
Octopus Server is an automated deployment platform. Octopus Server contains a cross-site scripting (XSS) vulnerability that could embed a cross-site scripting payload on an audit page. The affected versions are as follows: versions 3.xx, 4.x...