3490 matches found
EUVD-2025-201710
In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting (XSS). On the backend, the related_vulnerabilities field of bundles accepted arbitrary strings without format validation or proper...
CVE-2025-42620
In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting (XSS). On the backend, the related_vulnerabilities field of bundles accepted arbitrary strings without format validation or proper...
CVE-2025-42620 CSRF vulnerability in CIRCL Vulnerability-Lookup
In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting (XSS). On the backend, the related_vulnerabilities field of bundles accepted arbitrary strings without format validation or proper...
CVE-2025-42620
The CVE-2025-42620 issue affects Vulnerability-Lookup prior to 2.18.0. The root cause is unsafe handling of user-controlled content in comments and bundles: the backend’s related_vulnerabilities field accepts unvalidated strings, while the frontend converts Markdown to HTML and injects it into th...
PT-2025-49551
In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting (XSS). On the backend, the related vulnerabilities field of bundles accepted arbitrary strings without format validation or proper...
CVE-2025-14012
A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...
CVE-2025-14012
A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...
CVE-2025-14012
A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...
CVE-2025-14012 JIZHICMS Batch Delete Comments deleteAll.html delete sql injection
A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...
CVE-2025-14012
In JIZHICMS up to version 2.5.5, the Batch Delete Comments component exposes an SQL injection through the file /index.php/admins/Comment/deleteAll.html via the functions deleteAll, findAll, and delete. The issue is triggered by manipulated input and can be exploited remotely. Public exploit infor...
CVE-2025-14012 JIZHICMS Batch Delete Comments deleteAll.html delete sql injection
A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...
Cross-site Scripting (XSS)
com.liferay, com.liferay.mentions.web are vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user-supplied input in name-related text fields, which allows an attacker to inject malicious scripts that execute in various widgets or apps such as comments,...
Cross-Site Request Forgery (CSRF)
com.liferay, com.liferay.change.tracking.web is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to insufficient request-validation mechanisms, which allows an attacker to trick users into unknowingly performing actions that add or edit publication comments...
[SECURITY] Fedora 43 Update: python-ezdxf-1.4.3-3.fc43
This Python package is designed to facilitate the creation and manipulation of DXF documents, with compatibility across various DXF versions. It empowers users to seamlessly load and edit DXF files while preserving all content, except for comments. Any unfamiliar DXF tags encountered in the...
JIZHICMS SQL injection vulnerability
JIZHICMS (Jizhi CMS) is an open source content management system (CMS) from Jizhi (JIZHI) of China. A SQL injection vulnerability exists in JIZHICMS 2.5.5 and earlier versions, which stems from incorrect operation of the component Batch Delete Comments in the file /index.php/admins/Comment/deleteAll.html,...
CVE-2025-63522
Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function...
Mattermost fails to validate user permissions when deleting comments in Boards
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users...
GHSA-P6GJ-JC38-X2M7 Mattermost fails to validate user permissions when deleting comments in Boards
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users...
EUVD-2025-200087
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users...
CVE-2025-12756
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users...