
1059 matches found

RedhatCVE
added 2025/02/05 12:20 a.m., 4 views

CVE-2024-31112

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stephanie Leary Convert Post Types allows Reflected XSS. This issue affects Convert Post Types: from n/a through 1.4...

CVSS 7.1, AI score 8.6, EPSS 0.00084
Exploits: 0, References: 1

Virtuozzo
added 2025/01/20 12:0 a.m., 11 views

Virtuozzo Hybrid Server 7.5 Update 7 Hotfix 2 (7.5.7-167)

The Hotfix 2 for Virtuozzo Hybrid Server 7.5 Update 7 provides fixes for the c2v-convert tool. Vulnerability id: PSBM-159914. c2v-convert could fail if the container's template does not match the distribution installed in the container due to actions like Ubuntu's apt dist-upgrade or apt...

AI score 7.2
Exploits: 0

BDU FSTEC
added 2025/01/20 12:0 a.m., 2 views

The vulnerability of the Convert-Online.php script (phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php) in the PhpSpreadsheet PHP library allows attackers to perform cross-site scripting attacks.

The vulnerability of the Convert-Online.php script phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php in the PhpSpreadsheet library is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site...

CVSS 8.5, AI score 5.2, EPSS 0.01392
Exploits: 1, References: 4, Affected Software: 1

Snyk
added 2025/01/15 10:4 p.m., 4 views

Failure to Sanitize Paired Delimiters

Overview: Affected versions of this package are vulnerable to Failure to Sanitize Paired Delimiters via the Authorization header, by sending a crafted request to the /convert endpoint. Note: This is only exploitable if the Homarus microservice is directly accessible from the Internet. Remediation...

CVSS 9.8, AI score 6.9, EPSS 0.0438
Exploits: 0, References: 3

Positive Technologies
added 2025/01/15 12:0 a.m., 2 views

PT-2025-7069

Name of the Vulnerable Software and Affected Versions: Crayfish versions prior to 4.1.0. Description: Remote code execution may be possible in web-accessible installations of Homarus in certain configurations. The exploit requires making a request against Homarus's "/convert" endpoint. To redu...

CVSS 9.8, AI score 5.9, EPSS 0.0438
Exploits: 0, References: 13

Github Security Blog
added 2025/01/03 4:5 p.m., 16 views

PhpSpreadsheet allows unauthorized Reflected XSS in `Convert-Online.php` file

Unauthorized Reflected XSS in Convert-Online.php file. Product: Phpspreadsheet. Version: version 3.6.0. CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). CVSS vector v.3.1: 8.2 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N. CVSS vector v.4.0: 8.3...

CVSS 8.3, AI score 5.7, EPSS 0.01392
Exploits: 1, References: 7, Affected Software: 2

CVE
added 2025/01/03 4:5 p.m., 65 views

CVE-2024-56408

PhpSpreadsheet (PHP) has a cross-site scripting (XSS) vulnerability in the Convert-Online.php sample due to missing input sanitization. Affected versions are prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7; these versions lack sanitization in /vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-...

CVSS 8.3, AI score 6.1, EPSS 0.01392
Exploits: 1, References: 5, Affected Software: 1

Cvelist
added 2025/01/03 4:5 p.m., 13 views

CVE-2024-56408 PhpSpreadsheet allows unauthorized reflected XSS in `Convert-Online.php` file

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have no sanitization in the /vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php file, which leads to the possibility of a cross-site scripting attack...

CVSS 8.3, EPSS 0.01392
Exploits: 1, References: 5

Vulnrichment
added 2025/01/03 4:5 p.m., 7 views

CVE-2024-56408 PhpSpreadsheet allows unauthorized reflected XSS in `Convert-Online.php` file

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have no sanitization in the /vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php file, which leads to the possibility of a cross-site scripting attack...

CVSS 8.3, AI score 6.1, EPSS 0.01392
Exploits: 1, References: 5

OSV
added 2024/12/24 6:43 p.m., 2 views

CLSA-2024-1735065830 Fix CVE(s): CVE-2024-11233

SECURITY UPDATE: Security vulnerability in package - debian/patches/CVE-2024-11233.patch: fix error in convert.quoted-printable-decode filter certain data leading to buffer overread. Fix segfault with streams and invalid data. - CVE-2024-11233...

CVSS 8.2, AI score 6.3, EPSS 0.00728
Exploits: 1, References: 1

Positive Technologies
added 2024/12/23 12:0 a.m., 3 views

PT-2024-10179 · Phpoffice · Phpspreadsheet

Name of the Vulnerable Software and Affected Versions: PhpSpreadsheet versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7. Description: The issue is related to the lack of sanitization in the /vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php file, which can lead to a cross-site...

CVSS 8.3, AI score 5.9, EPSS 0.01392
Exploits: 1, References: 18

OSV
added 2024/12/11 9:23 a.m., 2 views

CLSA-2024-1733908995 php: Fix of CVE-2024-11233

CVE-2024-11233: Fix buffer overflow vulnerability in convert.quoted-printable-decode filter; fix bug 74267...

CVSS 8.2, AI score 6.3, EPSS 0.00728
Exploits: 1, References: 1

CNNVD
added 2024/12/11 12:0 a.m., 1 view

GStreamer Buffer Error Vulnerability

GStreamer is an open source set of frameworks for processing streaming media. A buffer error vulnerability exists in GStreamer versions prior to 1.24.10, which stems from an out-of-bounds write vulnerability found in the converttos3341a function in isomp4/qtdemux.c. The vulnerability i...

CVSS 9.8, AI score 9.5, EPSS 0.00442
Exploits: 0, References: 5

Microsoft CVE
added 2024/12/09 12:0 a.m., 2 views

CVE-2024-11233

...

CVSS 8.2, AI score 5.9, EPSS 0.00728
Exploits: 1

OSV
added 2024/12/05 8:18 p.m., 4 views

CLSA-2024-1733429914 php: Fix of CVE-2024-11233

CVE-2024-11233: fix buffer overflow vulnerability in convert.quoted-printable-decode filter...

CVSS 8.2, AI score 6.3, EPSS 0.00728
Exploits: 1, References: 1

OSV
added 2024/12/05 6:6 p.m., 3 views

CLSA-2024-1733421975 php: Fix of CVE-2024-11233

CVE-2024-11233: fix single byte overread with convert.quoted-printable-decode filter...

CVSS 8.2, AI score 6.2, EPSS 0.00728
Exploits: 1, References: 1

CloudLinux
added 2024/12/05 6:6 p.m., 17 views

php: Fix of CVE-2024-11233

CVE-2024-11233: fix single byte overread with convert.quoted-printable-decode filter...

CVSS 8.2, AI score 7, EPSS 0.00728
Exploits: 1

NVD
added 2024/12/04 3:15 p.m., 14 views

CVE-2024-40745

Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8...

CVSS 5.4, EPSS 0.00155
Exploits: 0, References: 1

NVD
added 2024/12/04 3:15 p.m., 12 views

CVE-2024-40744

Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8...

CVSS 9.8, EPSS 0.00057
Exploits: 0, References: 1

OSV
added 2024/12/04 3:15 p.m., 1 view

CVE-2024-40745

Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8...

CVSS 5.4, AI score 5.5, EPSS 0.00155
Exploits: 0, References: 1