Lucene search

9 matches found

Positive Technologies
added 2026/04/10 12:00 a.m., 0 views

PT-2026-31951

Summary: Task titles are embedded directly into Markdown link syntax in overdue email notifications without escaping Markdown special characters. When rendered by goldmark and sanitized by bluemonday which allows and tags, injected Markdown constructs produce phishing links and tracking pixels in...

CVSS 5.4 | AI score 5.8 | EPSS 0.00034
Exploits: 1 | References: 7
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2005-0108

Malware in sbrugna...

CVSS 7.5 | AI score 6.1 | EPSS 0.00904
Exploits: 0 | References: 3
RedhatCVE
added 2025/02/05 8:25 p.m., 8 views

CVE-2022-31127

NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the e-mail signin endpoint that contains some malicious HTML, tricking the e-mail server to send it to the user, so they can perform a phishing attack. Eg.:...

CVSS 7.1 | AI score 6.6 | EPSS 0.00591
Exploits: 1 | References: 1
WPVulnDB
added 2023/06/08 12:00 a.m., 12 views

WP Mail Logging < 1.11.2 - Unauthenticated Stored Cross-Site Scripting

The plugin does not adequately sanitize and escape email contents, enabling the injection of arbitrary web scripts into pages...

CVSS 7.2 | AI score 6.7 | EPSS 0.01339
Exploits: 0 | References: 1 | Affected Software: 1
exploitpack
added 2015/08/07 12:00 a.m., 19 views

WordPress Plugin Job Manager 0.7.22 - Persistent Cross-Site Scripting

WordPress Plugin Job Manager 0.7.22 - Persistent Cross-Site Scripting. Job Manager Persistent XSS Details. Product: Job Manager Plugin For Wordpress Vendor-URL: www.wp-jobmanager.com CVE-ID: CVE-2015-2321 Credi...

CVSS 4.3 | AI score 6.1 | EPSS 0.01518
Exploits: 6
securityvulns
added 2009/12/15 12:00 a.m., 42 views

WSCreator 1.1 Blind SQL Injection

WSCreator 1.1 Blind SQL Injection Name WSCreator Vendor http://www.wscreator.com Versions Affected 1.1 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2009-12-15 X. INDEX I. ABOUT THE APPLICATION II. DESCRIPTION III...

AI score 0.1
Exploits: 0
0day.today
added 2009/12/14 12:00 a.m., 12 views

WSCreator 1.1 Blind SQL Injection

Exploit for unknown platform in category web applications. WSCreator 1.1 Blind SQL Injection. Name WSCreator Vendor http://www.wscreator.com Versions Affected 1.1 X. INDEX I. ABOUT THE APPLICATION II. DESCRIPTION III. ANALYSIS IV...

AI score 7.1
Exploits: 0
securityvulns
added 2009/05/29 12:00 a.m., 64 views

Novell Groupwise fails to properly sanitize emails.

Affected product: Novell Groupwise webaccess. Affected software: 7.x and 8.0. Vulnerability details: Groupwise WebAccess implements a security parser designed to prevent embedded scripts in HTML emails from executing in the user's browser. Unfortunately this...

CVSS 4.3 | AI score 6.2 | EPSS 0.00757
Exploits: 1
Tenable Nessus
added 2004/08/30 12:00 a.m., 27 views

GLSA-200406-15 : Usermin: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200406-15 Usermin: Multiple vulnerabilities Usermin contains two security vulnerabilities. One fails to properly sanitize email messages that contain malicious HTML or script code and the other could allow an attacker to lock out ...

CVSS 6.8 | AI score 5.9 | EPSS 0.01593
Exploits: 0 | References: 4