CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

318 matches found

EUVD-2026-33548

An improper neutralization of active SVG content in OTRS or OTRS Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of service when affected tickets are opened by an agent o...

6.5CVSS5.9AI score0.00042EPSS

Exploits0References1

Positive Technologies•added 2026/05/04 12:0 a.m.•3 views

PT-2026-36806

Name of the Vulnerable Software and Affected Versions Ansible Automation Platform Gateway versions 2.6 and later Description A flaw in the AAP gateway involves the user auto-link strategy, which automatically links an external Identity Provider IDP identity to an existing user account based on...

8.3CVSS5.8AI score0.00041EPSS

Exploits0References9

Microsoft Secure•added 2026/04/02 4:0 p.m.•6 views

Threat actor abuse of AI accelerates from tool to cyberattack surface

For the last year, one word has represented the conversation living at the intersection of AI and cybersecurity: speed. Speed matters, but it’s not the most important shift we are observing across the threat landscape today. Now, threat actors from nation states to cybercrime groups are embedding...

6.1AI score

Exploits0

RedhatCVE•added 2026/01/07 9:29 a.m.•5 views

CVE-2019-12248

An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. An attacker could send a malicious email to an OTRS system. If a logged-in agent user quotes it, the email could cause the browser to...

4.3CVSS6.6AI score0.00701EPSS

Exploits0References1

NVD•added 2026/01/01 6:15 a.m.•2 views

CVE-2025-13820

The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to log in to any user when knowing their email address when such user does not have an account on disqus.com yet...

5.3CVSS0.00035EPSS

Exploits0References1

RedhatCVE•added 2025/11/01 2:20 p.m.•3 views

CVE-2025-12460

An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...

5.3CVSS6.3AI score0.0029EPSS

Exploits0References1

Cvelist•added 2025/10/16 5:26 p.m.•7 views

CVE-2025-61922 PrestaShop Checkout allows customer account takeover via email

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in...

9.1CVSS0.00019EPSS

Exploits1References1

CNNVD•added 2025/10/16 12:0 a.m.•4 views

PrestaShop Checkout 授权问题漏洞

PrestaShop Checkout is an open source checkout payment module from PrestaShopCorp. An authorization issue vulnerability exists in PrestaShop Checkout versions prior to 4.4.1 and prior to 5.0.5, which stems from a lack of authentication in the Express Checkout feature that could lead to an account...

9.1CVSS6.7AI score0.00019EPSS

Exploits1References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2002-2321

Malware in sbrugna...

4.3CVSS6.4AI score0.00564EPSS

Exploits1References5

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-8902

Malware in sbrugna...

8.7CVSS8.3AI score0.006EPSS

Exploits0References2