17 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2002-2039

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.05761
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2002-2308

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.004
Exploits 0 | References 4

AlpineLinux
added 2025/08/12 3:47 p.m. | 3 views

CVE-2025-54800

Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...

CVSS 7.1 | AI score 7 | EPSS 0.0005
Exploits 0 | References 2

Tenable Nessus
added 2023/06/29 12:0 a.m. | 26 views

Schneider Electric Modicon Cross-site Scripting (CVE-2015-6462)

Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains JavaScript that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H,...

CVSS 5.4 | AI score 5.7 | EPSS 0.00376
Exploits 0 | References 2

NVD
added 2021/06/07 10:15 p.m. | 17 views

CVE-2021-32671

Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed for any user to type...

CVSS 10 | EPSS 0.00758
Exploits 0 | References 3

Prion
added 2021/06/07 10:15 p.m. | 9 views

Design/Logic Flaw

Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed for any user to type...

CVSS 4.3 | AI score 9.4 | EPSS 0.00758
Exploits 0 | References 3 | Affected Software 1

OSV
added 2021/06/07 9:48 p.m. | 26 views

GHSA-5QJQ-69W6-FG57 XSS vulnerability with translator

Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed for any user to type malicious HTML markup within certain user input field...

CVSS 10 | AI score 9.4 | EPSS 0.00758
Exploits 0 | References 4

Github Security Blog
added 2021/06/07 9:48 p.m. | 140 views

XSS vulnerability with translator

Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed for any user to type malicious HTML markup within certain user input field...

CVSS 10 | EPSS 0.00758
Exploits 0 | References 5 | Affected Software 1

Cvelist
added 2021/06/07 9:25 p.m. | 10 views

CVE-2021-32671 XSS vulnerability with translator

Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed for any user to type...

CVSS 10 | AI score 9.6 | EPSS 0.00758
Exploits 0 | References 3

Packet Storm
added 2021/05/02 12:0 a.m. | 239 views

GetSimple CMS Custom JS 0.1 CSRF / XSS / Code Execution

Exploit Title: GetSimple CMS Custom JS v0.1 - CSRF to XSS to RCE; Exploit Author: Bobby Cooke (boku) & Abhishek Joshi; Date: April 30th, 2021; Vendor Homepage: http://get-simple.info; Software Link: http://get-simple.info/download/ & http://get-simple.info/extend/plugin/custom-js/1267/; Vendor: 4Enzo...

AI score 0.3
Exploits 0

OSV
added 2016/05/11 7:27 p.m. | 6 views

MGASA-2016-0171 Updated squid packages fix security vulnerability

Due to incorrect data validation of intercepted HTTP Request messages Squid is vulnerable to clients bypassing the protection against CVE-2009-0801 related issues. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache...

CVSS 8.6 | AI score 8.5 | EPSS 0.82841
Exploits 0 | References 4

Packet Storm
added 2011/11/10 12:0 a.m. | 35 views

Drupal String Overrides Cross Site Scripting

Vulnerability Report. Reported to Vendor: March 16, 2011 15:25 EST. Description of Vulnerability: Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and MySQL. The Drupal String Overrides...

AI score 7.4
Exploits 0

securityvulns
added 2011/02/01 12:0 a.m. | 52 views

Drupal Custom Pagers Module XSS

Description of Vulnerability: Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and MySQL. The Drupal Custom Pagers module (http://drupal.org/project/custompagers) "allows administrators to...

Exploits 0

securityvulns
added 2011/02/01 12:0 a.m. | 42 views

Drupal Panels 5.x-1.2 XSS Vulnerability

Description of Vulnerability: Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and MySQL. The Drupal Panels module (http://drupal.org/project/panels) "allows a site administrator to create...

AI score 0.2
Exploits 0

Cvelist
added 2007/10/26 7:0 p.m. | 13 views

CVE-2002-2330

Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 allows remote attackers to inject arbitrary web script or HTML via (1) HTTP_USER_AGENT or (2) HTTP_REFERER, which is written to stats.html and executed in client browsers...

AI score 5.8 | EPSS 0.004
Exploits 0 | References 3

securityvulns
added 2003/05/28 12:0 a.m. | 29 views

S21SEC-023 - Vignette multiple Cross Site Scripting vulnerabilities

ID: S21SEC-023-en; Title: Multiple Cross Site Scripting vulnerabilities in Vignette; Date: 03/04/2003; Status: Vendor contacted and solution available; Scope: HTML code Execution in client browsers; Platforms: All; Author: rpinuaga; Location: http://www.s21sec.com/es/avisos/s21sec-023-en.txt; Release:...

AI score 0.9
Exploits 0

NVD
added 2002/12/31 5:0 a.m. | 10 views

CVE-2002-2060

Buffer overflow in Links 2.0 pre4 allows remote attackers to crash client browsers and possibly execute arbitrary code via gamma tables in large 16-bit PNG images...

CVSS 7.5 | AI score 7.9 | EPSS 0.05761
Exploits 0 | References 3