CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

33 matches found

GithubExploit•added 2 days ago•49 views

Exploit for Prototype Pollution in Cure53 Dompurify

No d...

9.8CVSS7.1AI score0.02592EPSS

Exploits2

Positive Technologies•added 2025/04/11 12:0 a.m.•1 views

PT-2025-16150 · Crates.Io · Surrealdb

SurrealDB allows authenticated users with OWNER or EDITOR permissions at the root, database or namespace levels to define their own database functions using the DEFINE FUNCTION statement A custom database function comprises a name together with a function body. In the function body, the user...

7.1CVSS7.5AI score

Exploits0References4

OSV•added 2024/11/18 8:3 p.m.•2 views

GHSA-JP37-5QHW-MFFW Sharks has a Bias of Polynomial Coefficients in Secret Sharing

Affected versions of this crate allowed for a bias when generating random polynomials for Shamir Secret Sharing, where instead of being within the range 0, 255 they were instead in the range 1, 255. A description from Cure53, who originally found the issue, is available: The correct method to...

6CVSS5.7AI score

Exploits0References3

Github Security Blog•added 2024/11/18 8:3 p.m.•9 views

Sharks has a Bias of Polynomial Coefficients in Secret Sharing

7AI score

Exploits0References3Affected Software1

OSV•added 2024/11/16 12:0 p.m.•3 views

RUSTSEC-2024-0398 Bias of Polynomial Coefficients in Secret Sharing

7AI score

Exploits0References3

Github Security Blog•added 2024/08/16 6:45 p.m.•27 views

Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API

Impact Due to ReferenceGrant changes not being immediately propagated in Cilium's GatewayAPI controller, Gateway resources are able to access secrets in other namespaces after the associated ReferenceGrant has been revoked. This can lead to Gateways continuing to establish sessions using secrets...

7.2CVSS6.7AI score0.00243EPSS

Exploits0References7Affected Software1

Github Security Blog•added 2024/03/28 5:27 p.m.•23 views

Cilium has insecure IPsec transport encryption

Impact Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to the following attacks by a man-in-the-middle attacker: - Chosen plaintext attacks - Key recovery attacks -...

8CVSS7AI score0.0003EPSS

Exploits0References8Affected Software1

Github Security Blog•added 2023/11/15 6:32 p.m.•21 views

TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes

Impact A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text nodes contain a special character...

6.1CVSS5.7AI score0.02076EPSS

Exploits0References7Affected Software2

Prion•added 2023/10/19 11:15 p.m.•17 views

Cross site scripting

Home assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected authcallback=1, which is leveraged by the WebSocket authentication logic in tandem with the state parameter. The state parameter contains the hassUrl, which is...

6CVSS8.7AI score0.00204EPSS

Exploits0References2Affected Software2

Cvelist•added 2023/10/19 10:30 p.m.•29 views

CVE-2023-41896 Fake websocket server installation permits full takeover in Home Assistant Core

7.1CVSS9AI score0.00204EPSS

Exploits0References2

Github Security Blog•added 2023/10/19 4:36 p.m.•31 views

TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin

Impact A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If t...

6.1CVSS6AI score0.01282EPSS

Exploits0References7Affected Software2

Tenable Nessus•added 2022/12/19 12:0 a.m.•77 views

Dell Wyse Management Suite < 4.0 Multiple Vulnerabilities (DSA-2022-329)

The version of Dell Wyse Management Suite installed on the remote host is prior to 4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the DSA-2022-329 advisory. - Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not...

8.7CVSS7.3AI score0.10953EPSS

Exploits3References10

Opera Security Advisories•added 2022/03/30 12:0 a.m.•5 views

Opera’s Free Browser VPN Completes Independent Security Audit by Cure53

News Opera’s Free Browser VPN Completes Independent Security Audit by Cure53 Share March 30th, 2022 Today we’re happy to announce the completion of an independent security audit of Opera’s free built-in browser VPN. Opera’s free, no-log, built-in browser VPN was originally launched as part of the...

8.8CVSS6.9AI score0.23127EPSS

Exploits12References1

Node.js•added 2020/12/18 10:54 p.m.•72 views

Cross-Site Scripting

Overview Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. Recommendation Upgrade to version 2.0.17 or...

4.3CVSS1.9AI score0.00417EPSS

Exploits1Affected Software1

Github Security Blog•added 2020/12/18 10:51 p.m.•62 views

Cross-site Scripting in dompurify

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements...

6.1CVSS6.4AI score0.00417EPSS

Exploits1References9Affected Software1

OSV•added 2020/12/18 10:51 p.m.•320 views

GHSA-63Q7-H895-M982 Cross-site Scripting in dompurify

6.1CVSS6.2AI score0.00417EPSS

Exploits1References9