53 matches found
PT-2026-2320
Name of the Vulnerable Software and Affected Versions: Ollama versions 0.11.5-rc0 through 0.13.5. Description: Ollama contains a flaw due to insufficient validation of base64-encoded image data. Specifically, when processing image data through the /api/chat endpoint, the application does not verify...
CVE-2025-20382
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.10, 10.0.2503.8, and 9.3.2411.120, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a views dashboard with a custom background using th...
CVE-2025-20382
CVE-2025-20382 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user (not admin/power role) can create a views dashboard with a custom background via the data:image/png;base64 protocol, potentially causing an unvalidated redirect. This bypasses the external URL warning mechan...
EUVD-2023-27034
Malicious code in bioql PyPI...
MAL-2025-47317 Malicious code in html-to-base64-image (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 344ae7d30a0afbb65b792da96ef3c9756e42e9fc82a6204b5f9e1ab0ce925a4c Any computer that has this package installed or running should be considered fully compromised. All...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Malicious code in react-native-save-base64-image (npm)
The package react-native-save-base64-image was found to contain malicious code...
MAL-2025-31828 Malicious code in react-native-save-base64-image (npm)
The package react-native-save-base64-image was found to contain malicious code...
PT-2025-02: Access to files or directories to external parties in TCPDF
The vulnerability was identified in TCPDF, version 6.8.0. The discovered vulnerability allows an attacker to transmit a specially created HTML file containing an image in Base64 format. Using the specified payload, the attacker can access an arbitrary image outside of the directory. Vulnerability...
74CMS security vulnerability
74CMS is an online recruitment system based on PHP and MySQL. A file upload vulnerability exists in version 3.28.0 of 74CMS, which stems from the lack of effective validation of the file uploaded through imgBase64, a parameter of the function sendCompanyLogo in the file /controller/company/Index.php. The...
Sven gopeak masterlab code issue vulnerability
Sven gopeak masterlab is a Sven open source application that provides simple, efficient project management tools based on agile development. A code issue vulnerability exists in Sven gopeak masterlab version 3.3.10 and earlier; the vulnerability stems from app/ctrl/User.php...
CVE-2023-22932
In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0...
in bookstackapp/bookstack
Description: The image extension validation service for Base64 image extraction in the new Bookstack version is flawed as it uses the vulnerable trim function. This allows attackers to upload malicious files with a broken extension, such as pngr, and browsers will interpret broken extension hosted on th...
fgmarket.com Cross Site Scripting vulnerability OBB-1384852
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
waterserver-takuhai.jp Cross Site Scripting vulnerability OBB-1349840
movie4kk.unblocked2.icu Cross Site Scripting vulnerability OBB-1334138
teixeira-bat-renovation.fr Cross Site Scripting vulnerability OBB-1332052
entrades.vinseum.cat Cross Site Scripting vulnerability OBB-1280069
adzuna.com.au Cross Site Scripting vulnerability OBB-1278149
calas.co Cross Site Scripting vulnerability OBB-1275033