Lucene search

116 matches found

CVE
added 2026/05/20 7:35 p.m., 8 views

CVE-2026-9139

The CVE-2026-9139 entry covers Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8, where the embedded web configuration interface authenticates purely via client-side JavaScript in login.zhtml, exposing static plaintext credentials within the page source. Unauthenticated attackers with network ...

CVSS 9.8, AI score 5.8, EPSS 0.00156
Exploits: 0, References: 2
Github Security Blog
added 2026/05/05 6:28 p.m., 3 views

@tdurieux/anonymous_github Vulnerable to XSS via Unsanitized GitHub Repository Content Rendering in Anonymous GitHub Origin

Summary: Anonymous GitHub fetches repository content (e.g., markdown files) from GitHub's API and renders it without sanitization. On the client side, markdown is parsed by marked with sanitize: false and injected into the DOM via $sce.trustAsHtml + ng-bind-html, bypassing AngularJS's built-in XSS...

AI score 6
Exploits: 0, References: 2, Affected Software: 1
Tenable Nessus
added 2026/02/05 12:00 a.m., 12 views

RHEL 9 : freerdp (RHSA-2026:2048)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2048 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to R...

CVSS 9.8, AI score 6.4, EPSS 0.00225
Exploits: 7, References: 16
Cvelist
added 2026/02/01 12:15 p.m., 28 views

CVE-2022-50942 Incinga Web 2.8.2 Client-Side Cross-Site Scripting via EventListener

Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacki...

CVSS 5.4, EPSS 0.00059
Exploits: 0, References: 4
Vulnrichment
added 2026/01/16 12:00 a.m., 1 view

CVE-2025-62291

In the eap-mschapv2 plugin client-side in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow...

CVSS 8.1, AI score 6.8, EPSS 0.00016
Exploits: 0, References: 3
RedhatCVE
added 2026/01/09 9:33 a.m., 3 views

CVE-2024-39334

MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be written to the computer on which the client process is running. The server process is not affected...

CVSS 6.5, AI score 6.9, EPSS 0.0012
Exploits: 0, References: 1
CNNVD
added 2026/01/08 12:00 a.m., 1 view

Asseco InfoMedica Security Vulnerability

Asseco InfoMedica is a comprehensive healthcare information management system from Asseco Poland. A security vulnerability exists in Asseco InfoMedica version 4.50.1 and prior to version 5.38.0, which stems from a client-side algorithm that can decode stored passwords, potentially leading to...

CVSS 5.9, AI score 6.3, EPSS 0.0003
Exploits: 0, References: 1
Vulnrichment
added 2025/11/27 2:50 a.m., 2 views

CVE-2025-13762 Client-Side Denial of Service Condition in SWS Extension prior to version 2.2.30305

Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to start new SWS sessions. This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305...

CVSS 4.8, AI score 6.4, EPSS 0.0004
Exploits: 0, References: 2
RedhatCVE
added 2025/11/19 2:10 p.m., 1 view

CVE-2025-59113

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...

CVSS 7.5, AI score 6.6, EPSS 0.00038
Exploits: 0, References: 1
NVD
added 2025/11/18 3:16 p.m., 1 view

CVE-2025-59113

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...

CVSS 7.5, EPSS 0.00038
Exploits: 0, References: 2
Vulnrichment
added 2025/11/18 12:00 a.m., 1 view

CVE-2025-63883

A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 Bhabishya-123/E-commerce. The site's client-side JavaScript reads attacker-controlled input (for example, values derived from the URL or page fragment) and inserts it into the DOM via unsafe sinks...

AI score 6, EPSS 0.00013
Exploits: 1, References: 1
OSV
added 2025/10/27 12:00 p.m., 1 view

UBUNTU-CVE-2025-62291

In the eap-mschapv2 plugin client-side in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow...

CVSS 8.1, AI score 6.1, EPSS 0.00016
Exploits: 0, References: 4
OSV
added 2025/10/21 7:21 p.m., 1 view

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

CVSS 5.1, AI score 5.8, EPSS 0.0008
Exploits: 2, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-5528

Malware in sbrugna...

CVSS 6.8, AI score 6.1, EPSS 0.00286
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2016-10791

Malware in sbrugna...

CVSS 8.6, AI score 6.4, EPSS 0.02571
Exploits: 0, References: 7
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-13740

Malware in sbrugna...

CVSS 5.2, AI score 5.3, EPSS 0.00053
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-13878

Malware in sbrugna...

CVSS 3.5, AI score 4.6, EPSS 0.00174
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-6212

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.4, EPSS 0.00318
Exploits: 0, References: 25
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2024-30323

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6.4, EPSS 0.00387
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2022-46019

Malicious code in bioql PyPI...

CVSS 9.6, AI score 9.2, EPSS 0.00385
Exploits: 1, References: 1