CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5839 matches found

CNVD•added 2022/06/30 12:0 a.m.•18 views

Admidio Cross-Site Scripting Vulnerability

Admidio is an open source member management system from the Admidio team. The system supports member lists, event management, guestbooks, photo albums and downloads. A cross-site scripting vulnerability exists in Admidio version 4.1.2, which stems from the program's lack of checksum filtering of...

5.4CVSS5.2AI score0.00533EPSS

Exploits1References1

CNVD•added 2022/06/30 12:0 a.m.•17 views

WordPress Active Products Tables for WooCommerce plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Active Products Tables for WooCommerce plugin version prior to 1.0.5 has a cross-site scripting...

6.1CVSS2.2AI score0.01829EPSS

Exploits1References1

CNVD•added 2022/06/30 12:0 a.m.•23 views

Library Management System跨站脚本漏洞

Library Management System is a library management system with QR code attendance and automatic library card generation. version 1.0 of Library Management System has a cross-site scripting vulnerability that originates in the file /admin/editadmindetails.php?id= The admin's parameter Name lacks a...

5.4CVSS2.9AI score0.00533EPSS

Exploits0References1

CNVD•added 2022/06/30 12:0 a.m.•17 views

Shopware Cross-Site Scripting Vulnerability (CNVD-2022-58390)

Shopware is a German Shopware company's open source e-commerce software. A cross-site scripting vulnerability exists in Shopware versions prior to 5.7.12, which stems from a lack of checksum filtering of user-supplied and output data during login authentication. An attacker can exploit this...

6.5CVSS5.3AI score0.00632EPSS

Exploits0References1

CNVD•added 2022/06/30 12:0 a.m.•18 views

Jorani Cross-Site Scripting Vulnerability (CNVD-2022-58885)

Benjamin BALET Jorani is a leave management system from the French personal developer Benjamin BALET. Designed to provide small organizations with a simple workflow for leave and overtime requests, Benjamin BALET Jorani version 1.0 contains a cross-site scripting vulnerability stemming from a lac...

4.3CVSS3.1AI score0.00545EPSS

Exploits0Affected Software1

OSV•added 2022/06/29 9:28 a.m.•11 views

OPENSUSE-SU-2022:10036-1 Security update for chromium

This update for chromium fixes the following issues: Chromium 103.0.5060.53 boo1200783 CVE-2022-2156: Use after free in Base CVE-2022-2157: Use after free in Interest groups CVE-2022-2158: Type Confusion in V8 CVE-2022-2160: Insufficient policy enforcement in DevTools CVE-2022-2161: Use after fre...

8.8CVSS6.9AI score0.01286EPSS

Exploits1References11

OPENSUSE Linux•added 2022/06/29 12:0 a.m.•46 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2022:10035-1 Rating: important References: 1200783 Cross-References: CVE-2022-2156 CVE-2022-2157 CVE-2022-2158 CVE-2022-2160 CVE-2022-2161 CVE-2022-2162 CVE-2022-2163 CVE-2022-2164 CVE-2022-2165 Affected Products:...

8.8CVSS8.3AI score0.01286EPSS

Exploits1References1

CNVD•added 2022/06/28 12:0 a.m.•13 views

Raytion Custom Security Manager Cross-Site Scripting Vulnerability

Raytion, a search connector from the German company Raytion, is vulnerable to a cross-site scripting vulnerability in Raytion version 7.2.0. The vulnerability stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability t...

4.3CVSS3.2AI score0.00506EPSS

Exploits0Affected Software1

CNVD•added 2022/06/28 12:0 a.m.•13 views

IBM Jazz Team Server Cross-Site Scripting Vulnerability (CNVD-2022-51659)

IBM Jazz Team Server is an application server from IBM Corporation in the United States. provides base services that enable a group of tools to work together as a single logical server and includes any number of Jazz Team Server Extensions that provide tool-specific functionality. IBM Jazz Team...

5.4CVSS1.8AI score0.00467EPSS

Exploits0References1

CNVD•added 2022/06/28 12:0 a.m.•20 views

PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability (CNVD-2022-54305)

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS, which originates in /dashboard/blocks/stacks/view details. The vulnerability stems from the lack of data validation...

6.1CVSS2.3AI score0.0095EPSS

Exploits0References1

CNVD•added 2022/06/28 12:0 a.m.•18 views

PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability (CNVD-2022-54306)

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS, which originates from a lack of data validation filtering of user-supplied data and output in...

6.1CVSS1.6AI score0.00847EPSS

Exploits0References1

CNVD•added 2022/06/28 12:0 a.m.•29 views

BigBlueButton Cross-Site Scripting Vulnerability (CNVD-2022-62183)

BigBlueButton is BigBlueButton community of a set of open source Web conferencing system . A cross-site scripting vulnerability exists in BigBlueButton v2.4.7 and earlier versions, which stems from a lack of checksum filtering of user-supplied and output data in the chat feature. An attacker can...

5.4CVSS5.1AI score0.00418EPSS

Exploits0References1

Redos•added 2022/06/28 12:0 a.m.•72 views

ROS-20220628-01

A vulnerability in the Apache HTTP web server is related to insufficient validation of user-entered data during the HTTP requests to the lua script that calls r:parsebody0. Exploitation of the vulnerability could allow an attacker acting remotely to send a very large HTTP request to a vulnerable...

9.8CVSS8.3AI score0.90407EPSS

Exploits2

CNVD•added 2022/06/28 12:0 a.m.•29 views

Wyse Management Suite Cross-Site Scripting Vulnerability (CNVD-2022-62182)

Wyse Management Suite is a scalable solution for managing and optimizing Wyse endpoints from Dell, USA. The product includes centralized management of Wyse endpoints, asset tracking and automated device discovery. A cross-site scripting vulnerability exists in Wyse Management Suite 3.6.1 and prio...

6.1CVSS5.4AI score0.0051EPSS

Exploits0References1

CNVD•added 2022/06/28 12:0 a.m.•34 views

Rails Cross-Site Scripting Vulnerability (CNVD-2022-58235)

Rails is a set of Rails team based on the Ruby language open source web application framework. Rails suffers from a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker can exploit the vulnerability to...

6.1CVSS6.2AI score0.2914EPSS

Exploits1References1

CNNVD•added 2022/06/28 12:0 a.m.•4 views

Omron SYSMAC CS/CJ/CP Series 和 NJ/NX Series 数据伪造问题漏洞

Omron SYSMAC CS/CJ/CP Series and Omron SYSMAC NJ/NX Series are products of Omron Corporation, Japan.Omron SYSMAC CS/CJ/CP Series is a series of programmable controllers.Omron SYSMAC NJ/NX Series is a series of machine automation controllers. Omron SYSMAC NJ/NX Series is a series of machine...

9.8CVSS9AI score0.0082EPSS

Exploits0References6

CNVD•added 2022/06/27 12:0 a.m.•29 views

74cms Cross-Site Scripting Vulnerability (CNVD-2022-58890)

74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology Company. 74cmsSE version v3.5.1 contains a cross-site scripting vulnerability, which originates from the path /company/service/increment/add/im missing data validation filters for user-supplied data and output. A...

4.3CVSS3.4AI score0.00617EPSS

Exploits1Affected Software1

CNVD•added 2022/06/27 12:0 a.m.•23 views

74cms cross-site scripting vulnerability (CNVD-2022-58889)

74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology. 74cmsSE version v3.5.1 contains a cross-site scripting vulnerability that originates from the path /company/downresume/total/nature lack of data validation filtering of user-supplied data and output. An attacker...

4.3CVSS3.2AI score0.00617EPSS

Exploits1Affected Software1

CNNVD•added 2022/06/27 12:0 a.m.•2 views

ScratchTools 跨站脚本漏洞

ScratchTools is a web extension to the STForScratch open source. Designed to make interaction with the Scratch programming language community Scratching easier, ScratchTools suffers from a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of...

7.1CVSS5.6AI score0.00833EPSS

Exploits0References4

CNVD•added 2022/06/27 12:0 a.m.•41 views

74cms Cross-Site Scripting Vulnerability (CNVD-2022-58892)

74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology. 74cms version v3.5.1 suffers from a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied and output data in path/company. An attacker could exploit the...

4.3CVSS3.1AI score0.00617EPSS

Exploits1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by