CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20 matches found

RedhatCVE•added 2025/11/17 7:3 a.m.•12 views

CVE-2025-13185

A security flaw has been discovered in Bdtask/CodeCanyon News365 up to 7.0.3. This affects an unknown function of the file /admin/dashboard/profile. The manipulation of the argument profileimage/bannerimage results in unrestricted upload. The attack can be launched remotely. The exploit has been...

7.2CVSS6.5AI score0.00061EPSS

Exploits1References1

NVD•added 2025/11/14 9:15 p.m.•3 views

CVE-2025-13185

7.2CVSS0.00061EPSS

Exploits1References4

OSV•added 2025/11/14 9:15 p.m.•1 views

CVE-2025-13185

7.2CVSS5.5AI score

Exploits0References4

EUVD•added 2025/11/14 9:2 p.m.•4 views

EUVD-2025-197658

5.8CVSS6.2AI score0.00061EPSS

Exploits1References5

CNNVD•added 2025/11/14 12:0 a.m.•1 views

Bdtask News365 代码问题漏洞

Bdtask News365 is a web magazine software from Bdtask Bangladesh. A code issue vulnerability exists in Bdtask News365 7.0.3 and earlier versions, which stems from incorrect manipulation of the parameters profileimage/bannerimage in the file /admin/dashboard/profile, which may result in unlimited...

7.2CVSS5AI score0.00061EPSS

Exploits1References4

CNNVD•added 2025/10/08 12:0 a.m.•3 views

OPEXUS FOIAXpress 安全漏洞

OPEXUS FOIAXpress is an information disclosure management software from OPEXUS Corporation. A security vulnerability exists in OPEXUS FOIAXpress prior to version 11.13.3.0 that originates from an administrator user being able to inject JavaScript or other content into the Annual Report Corporate...

4.8CVSS5.6AI score0.0003EPSS

Exploits0References3

Vulnrichment•added 2025/10/07 11:13 p.m.•2 views

CVE-2025-61997 OPEXUS FOIAXpress stored XSS via banner image

OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Enterprise Banner image upload field. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the...

4.8CVSS6.5AI score0.0003EPSS

Exploits0References3

CVE•added 2025/10/07 11:13 p.m.•8 views

CVE-2025-61997

CVE-2025-61997 : OPEXUS FOIAXpress versions before 11.13.3.0 are affected by a stored XSS via the Annual Report Banner image/upload field. An administrative user can inject JavaScript or content that is executed in the context of other users when they generate an Annual Report, enabling actions o...

4.8CVSS6.5AI score0.0003EPSS

Exploits0References3Affected Software1

Cvelist•added 2025/10/07 11:13 p.m.•7 views

CVE-2025-61997 OPEXUS FOIAXpress stored XSS via banner image

4.8CVSS0.0003EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2016-10260

Malware in sbrugna...

5.4CVSS6AI score0.00317EPSS

Exploits0References5

RedhatCVE•added 2025/05/22 11:25 p.m.•2 views

CVE-2022-3992

A vulnerability classified as problematic was found in SourceCodester Sanitization Management System. Affected by this vulnerability is an unknown functionality of the file admin/?page=systeminfo of the component Banner Image Handler. The manipulation leads to cross site scripting. The attack can...

6.1CVSS5.6AI score0.00218EPSS

Exploits0References1

NVD•added 2022/11/14 5:15 p.m.•14 views

CVE-2022-3992

6.1CVSS0.00218EPSS

Exploits0References1

Positive Technologies•added 2022/11/14 12:0 a.m.•4 views

PT-2022-25114 · Sourcecodester · Sourcecodester Sanitization Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Sanitization Management System affected versions not specified Description: A problematic vulnerability was found in the SourceCodester Sanitization Management System, affecting an unknown functionality of the file...

6.1CVSS6AI score0.00218EPSS

Exploits0References2

Cvelist•added 2022/11/14 12:0 a.m.•14 views

CVE-2022-3992 SourceCodester Sanitization Management System Banner Image cross site scripting

2.4CVSS6.2AI score0.00218EPSS

Exploits0References1

CVE•added 2022/11/14 12:0 a.m.•44 views

CVE-2022-3992

CVE-2022-3992 affects SourceCodester Sanitization Management System. The vulnerability is in an unknown functionality of the file admin/?page=system_info within the Banner Image Handler, enabling cross-site scripting. Attacks can be launched remotely; CVSS scores in the sources range from 6.1 (NV...

6.1CVSS4.8AI score0.00218EPSS

Exploits0References1Affected Software1

Exploit DB•added 2021/01/25 12:0 a.m.•407 views

MyBB Timeline Plugin 1.0 - Persistent Cross-Site Scripting

Exploit Title: MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF Date: 1/21/2021 Author: 0xB9 Software Link: https://community.mybb.com/mods.php?action=view&pid=1428 Version: 1.0 Tested on: Windows 10 1. Description: MyBB Timeline replaces the default MyBB user profile. This introduces...

7.4AI score

Exploits0

CNVD•added 2017/06/08 12:0 a.m.•2 views

Two File Upload Vulnerabilities Exist in Website Builder Star Backend

Ltd., is a cloud computing-based Internet application service provider. There are file upload vulnerabilities in the background of sitestar 1 banner scroll bar edit-select single image upload and 2 product management in the background-edit more image upload. Allow attackers to upload webshell and...

7.3AI score

Exploits0

OSV•added 2017/03/28 2:59 a.m.•11 views

CVE-2016-9454

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages...

5.4CVSS6AI score

Exploits0References3

NVD•added 2017/03/28 2:59 a.m.•9 views

CVE-2016-9454

5.4CVSS5.3AI score0.00317EPSS

Exploits0References3

Cvelist•added 2017/03/28 2:46 a.m.•17 views

CVE-2016-9454

5.7AI score0.00317EPSS

Exploits0References3

Rows per page