CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

RedhatCVE•added 2026/06/05 7:23 p.m.•6 views

CVE-2026-35451

Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting XSS vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can inject a javascript: U...

5.7CVSS5.8AI score0.00244EPSS

Exploits0References1

NVD•added 2026/04/21 5:16 p.m.•7 views

CVE-2026-35451

5.7CVSS0.00244EPSS

Exploits0References2

EUVD•added 2026/04/21 4:22 p.m.•1 views

EUVD-2026-24161

5.7CVSS6.1AI score0.00244EPSS

Exploits0References2

ATTACKERKB•added 2026/04/21 4:22 p.m.•4 views

CVE-2026-35451

5.7CVSS6.1AI score0.00244EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/04/21 12:0 a.m.•13 views

PT-2026-34007

5.7CVSS6.1AI score0.00244EPSS

Exploits0References3

CNNVD•added 2026/04/21 12:0 a.m.•5 views

Twenty 跨站脚本漏洞

Twenty is an open-source CRM platform developed by Twenty. Versions of Twenty prior to 1.20.6 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient protocol validation and server-side checks in the BlockNote editor component, which could lead to storage-base...

5.7CVSS5.7AI score0.00244EPSS

Exploits0References1

CNNVD•added 2026/01/28 12:0 a.m.•11 views

OpenProject data falsification vulnerability

OpenProject is an open-source web-based project management software. In versions 17.0.0 to 17.0.2 of OpenProject, there was a data manipulation vulnerability. This vulnerability stemmed from the BlockNote editor extension not properly verifying work package IDs, allowing arbitrary GET requests to...

7.3CVSS5.9AI score0.00105EPSS

Exploits0References3