16 matches found
CVE-2026-42558
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector...
CVE-2026-42558 Xibo Vulnerable to Stored XSS and Iframe Sandbox Escape via Data Connector Script in DataSet
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector...
EUVD-2026-36170
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector...
CVE-2026-42558
CVE-2026-42558 affects Xibo CMS (prior to 4.4.2). A vulnerability chain combining Stored XSS and an Iframe sandbox escape via the Data Connector Script in DataSet can be exploited by an authorized user who has DataSet permissions and the ability to add DataSets to layouts. The issue requires the ...
Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability
Talos Vulnerability Report TALOS-2024-1951 Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability April 3, 2024 CVE Number CVE-2024-22178 SUMMARY A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open...
Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972)
Summary Microsoft recently mitigated a vulnerability in Azure Data Factory and Azure Synapse pipelines. The vulnerability was specific to the third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime...
Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972)
Summary Microsoft recently mitigated a vulnerability in Azure Data Factory and Azure Synapse pipelines. The vulnerability was specific to the third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime...
Upcoming improvements to Azure Data Factory and Azure Synapse Pipeline infrastructure in response to CVE-2022-29972
Executive Summary Microsoft recently mitigated and remediated a vulnerability affecting Azure Data Factory and Azure Synapse Pipelines. The vulnerability was found in the third-party ODBC data connector used to connect to Amazon Redshift, in Integration Runtime (IR) in Azure Synapse Pipelines, and...
Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972)
Summary Microsoft recently mitigated a vulnerability in Azure Data Factory and Azure Synapse pipelines. The vulnerability was specific to the third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration...
MSTICPy January 2022 hackathon highlights
During the month of January 2022, the Microsoft Threat Intelligence Center (MSTIC) ran its inaugural hackathon for the open-source Jupyter and Python Security Tools library, MSTICPy. We asked the security community for their contributions to expand and improve MSTICPy’s features and capabilities, a...
@apollosproject/data-connector-passes (>=0.8.7 <=1.7.1-alpha.8) potentially affected by CVE-2021-32691 via @apollosproject/data-connector-rock (>=0.8.7 <=1.8.0)
@apollosproject/data-connector-rock NPM version =0.8.7, =0.8.7, =1.7.1-alpha.8 Source cves: CVE-2021-32691 Source advisory: OSV:GHSA-R578-PJ6F-R4FF...
CVE-2016-8936
IBM Social Rendering Templates for Digital Data Connector is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2016-8936
IBM Social Rendering Templates for Digital Data Connector is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
Cross site scripting
IBM Social Rendering Templates for Digital Data Connector is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2016-8936
IBM Social Rendering Templates for Digital Data Connector is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
IBM Social Rendering Templates for Digital Data Connector Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in IBM Social Rendering Templates for Digital Data Connector because the program fails to filter user-supplied input. An attacker could exploit this issue to execute arbitrary script code in an unsuspecting user's browser within the context of the...