106 matches found

RedhatCVE
added 2026/01/09 10:39 a.m. | 3 views

CVE-2022-35554

Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side...

CVSS 6.1 | AI score 6.6 | EPSS 0.0031
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 8:43 a.m. | 6 views

CVE-2022-42967

Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution...

CVSS 9.6 | AI score 6 | EPSS 0.00385
Exploits: 1 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-18325

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00509
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-2681

Malware in sbrugna...

CVSS 6.1 | AI score 6.7 | EPSS 0.00449
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-51441

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.8 | EPSS 0.00084
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-18995

Malicious code in bioql PyPI...

CVSS 6.3 | AI score 6.3 | EPSS 0.00253
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-37369

Malicious code in bioql PyPI...

CVSS 6.8 | AI score 6.4 | EPSS 0.00089
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-29559

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.5 | EPSS 0.03924
Exploits: 2 | References: 2

OSV
added 2025/06/26 4:54 p.m. | 6 views

GHSA-XH32-CX6C-CP4V Gogs XSS allowed by stored call in PDF renderer

Summary A stored XSS is present in Gogs which allows client-side Javascript code execution. Details Gogs Version: docker images REPOSITORY TAG IMAGE ID CREATED SIZE gogs/gogs latest fe92583bc4fe 10 hours ago 99.3MB Application version: 0.14.0+dev Local setup using: bash Pull image from Docker Hub...

CVSS 6.3 | AI score 9.2 | EPSS 0.00253
Exploits: 0 | References: 6

RedhatCVE
added 2025/06/26 4:17 a.m. | 4 views

CVE-2025-47943

Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting (XSS) vulnerability present in Gogs, which allows client-side Javascript code execution. The vulnerability is caused by the usage of a vulnerable and outdated componen...

CVSS 6.3 | AI score 6.1 | EPSS 0.00253
Exploits: 0 | References: 1

NVD
added 2025/06/24 4:15 a.m. | 3 views

CVE-2025-47943

Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting (XSS) vulnerability present in Gogs, which allows client-side Javascript code execution. The vulnerability is caused by the usage of a vulnerable and outdated componen...

CVSS 6.3 | EPSS 0.00253
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/22 7:46 p.m. | 5 views

CVE-2021-32853

Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from malicious web site. There are no known patches...

CVSS 9.6 | AI score 6.4 | EPSS 0.84524
Exploits: 1

Exploit DB
added 2025/03/19 12:0 a.m. | 216 views

Loaded Commerce 6.6 - Client-Side Template Injection(CSTI)

Exploit Title: Loaded Commerce 6.6 Client-Side Template InjectionCSTI Date: 03/13/2025 Exploit Author: tmrswrr Vendor Homepage: https://loadedcommerce.com/ Version: 6.6 Tested on: https://www.softaculous.com/apps/ecommerce/LoadedCommerce Injecting 77 into the search parameter...

AI score 7.4
Exploits: 0

OSV
added 2025/01/21 8:8 p.m. | 4 views

GHSA-WPHC-5F2J-JHVG Unauthenticated DOM Based XSS in YesWiki

Unauthenticated DOM Based XSS in YesWiki ' . "\n"; if $nbtotal 1 $output .= t'TAGSTOTALNBPAGES', 'nbtotal' = $nbtotal; elseif $nbtotal == 1 $output .= t'TAGSONEPAGEFOUND'; else $output .= t'TAGSNOPAGE'; $output .= !empty$tabselectedtags ? ' ' . t'TAGSWITHKEYWORD' . ' ' . implode' '...

CVSS 7.6 | AI score 7.3 | EPSS 0.00285
Exploits: 1 | References: 4

GitHub Security Blog
added 2025/01/21 8:8 p.m. | 8 views

Unauthenticated DOM Based XSS in YesWiki

Unauthenticated DOM Based XSS in YesWiki ' . "\n"; if $nbtotal 1 $output .= t'TAGSTOTALNBPAGES', 'nbtotal' = $nbtotal; elseif $nbtotal == 1 $output .= t'TAGSONEPAGEFOUND'; else $output .= t'TAGSNOPAGE'; $output .= !empty$tabselectedtags ? ' ' . t'TAGSWITHKEYWORD' . ' ' . implode' '...

CVSS 7.6 | AI score 6 | EPSS 0.00285
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2023/06/19 6:15 p.m. | 8 views

CVE-2023-34461

PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious that looks like xss could have been used to r...

CVSS 5.4 | AI score 4.9 | EPSS 0.00119
Exploits: 0 | References: 2

NVD
added 2023/04/03 2:15 p.m. | 17 views

CVE-2022-27665

Reflected XSS via AngularJS sandbox escape expressions exists in Progress Ipswitch WSFTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add fold...

CVSS 6.1 | AI score 7 | EPSS 0.01096
Exploits: 1 | References: 3

OSV
added 2023/02/21 12:30 a.m. | 14 views

GHSA-G9PH-R9HC-34R8 Erxes vulnerable to Cross-site Scripting

Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in all versions. This results in client-side code execution. The victim must follow a malicious link or be redirected there from malicious web site. There are no known patches...

CVSS 6.1 | AI score 7.4 | EPSS 0.84524
Exploits: 1 | References: 5

GitHub Security Blog
added 2023/02/21 12:30 a.m. | 20 views

Erxes vulnerable to Cross-site Scripting

Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in all versions. This results in client-side code execution. The victim must follow a malicious link or be redirected there from malicious web site. There are no known patches...

CVSS 9.6 | AI score 8.4 | EPSS 0.84524
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2023/02/20 11:15 p.m. | 20 views

CVE-2021-32853

Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from malicious web site. There are no known patches...

CVSS 9.6 | AI score 9
Exploits: 0 | References: 3