CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

302 matches found

CVE-2026-35212 OpenCTI has XSS in the rendering of email-message observable body data

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of email-message observable body data. The content of the body field isn't appropriately sanitized when being rendered. Does...

5.3CVSS0.00047EPSS

Exploits0References1

Positive Technologies•added 3 days ago•9 views

PT-2026-45867

Name of the Vulnerable Software and Affected Versions OpenCTI versions prior to 7.260227.0 Description An issue exists in the rendering of email-message observable body data where the content of the body field is not appropriately sanitized. This allows for Cross-Site Scripting XSS, a technique...

5.3CVSS5.8AI score0.00047EPSS

Exploits0References3

SUSE CVE•added 2026/05/09 3:24 a.m.•3 views

SUSE CVE-2011-2663

Array index error in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted yearly RRULE variable in a VCALENDAR attachment in an e-mail message...

10CVSS6.2AI score0.03768EPSS

Exploits0References4

OSV•added 2026/04/03 6:31 a.m.•2 views

GHSA-J2G6-8RVG-7MF6 Roundcube Webmail: Bypass of remote image blocking via SVG content (with animate attributes) in an e-mail message

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content with animate attributes in an e-mail message. This may lead to information disclosure or access-control bypass...

5.3CVSS5.9AI score0.00015EPSS

Exploits0References9

Positive Technologies•added 2026/04/03 12:0 a.m.•0 views

PT-2026-29981

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information disclosure or access-control bypass...

5.3CVSS5.9AI score0.00015EPSS

Exploits0References8

CNNVD•added 2026/02/04 12:0 a.m.•3 views

Unstructured 安全漏洞

Unstructured is an open-source preprocessing tool for unstructured data developed by Unstructured. Versions of Unstructured prior to 0.18.18 contained a security vulnerability due to a path traversal vulnerability in the partitionmsg function. This vulnerability could allow arbitrary files to be...

9.8CVSS7.5AI score0.0013EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 10:55 a.m.•5 views

CVE-2022-23101

OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message...

6.1CVSS5.8AI score0.00399EPSS

Exploits1References1

Snyk•added 2025/12/02 6:50 a.m.•4 views

Directory Traversal

Overview unstructured is an A library that prepares raw documents for downstream ML tasks. Affected versions of this package are vulnerable to Directory Traversal via the partitionmsg function’s handling of attachment filenames in email MSG files. An attacker can exploit this vulnerability by...

9.8CVSS7.5AI score0.0013EPSS

Exploits0References3