113 matches found
EUVD-2020-21407
Malware in sbrugna...
EUVD-2024-30752
Malicious code in bioql PyPI...
EUVD-2025-24031
Malicious code in bioql PyPI...
EUVD-2025-22729
Malicious code in bioql PyPI...
CVE-2025-55006 Frappe Learning Holds Potential for Malicious SVG Upload in Image Upload Feature
Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed users to upload SVG files containing embedded JavaScript or other potentially malicious content...
CVE-2025-45893
OpenCart 4.1.0.4 is affected by CVE-2025-45893: Stored XSS via unsanitized SVG uploads in the media manager (blog posts). Attackers can embed JavaScript in SVGs uploaded for posts; this can execute in a user’s browser when viewed. Root cause: insufficient sanitization of uploaded SVG files. CVSSv...
CVE-2024-33007
PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript or any harmful client-side script, the PDFViewer will execute the JavaScript embedded in the PDF which can cause a potential securi...
CVE-2021-21422
mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, howev...
Icinga Web 2 Cross-Site Scripting Vulnerability
Icinga Web 2 is an open source monitoring and metrics solution from Icinga Open Source. A cross-site scripting vulnerability exists in Icinga Web 2 versions prior to 2.11.5 and prior to 2.12.13, which stems from embeddable arbitrary Javascript that could lead to user identity impersonation...
Icinga Web 2 Cross-Site Scripting Vulnerability
Icinga Web 2 is an open source monitoring and metrics solution from Icinga Open Source. A cross-site scripting vulnerability exists in Icinga Web 2 versions prior to 2.11.5 and prior to 2.12.13, which stems from embeddable arbitrary Javascript that could lead to user identity impersonation...
Linux Distros Unpatched Vulnerability : CVE-2022-29078
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is...
GHSA-79JV-5226-783F OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand
Summary The export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page that submits a form POST that contains embedded JavaScript code. This code would then ...
DSpace Security Vulnerabilities
DSpace is an open source turnkey repository application for the DuraSpace community. A security vulnerability exists in DSpace versions 7.0 through 7.6.1, which stems from the possibility that a user's browser may execute any embedded JavaScript when an HTML, XML, or JavaScript Bitstream is...
Unspecified Vulnerability in SAP PDFViewer (CNVD-2024-27892)
SAP PDFViewer is a PDF viewer from the United States company SAP. A security vulnerability exists in SAP PDFViewer that stems from the fact that if a PDF document contains embedded JavaScript, PDFViewer will execute the embedded JavaScript in the PDF, which could lead to a potential security threat. No...
PT-2024-4810 · IBM · IBM Security Guardium
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium versions 11.4 through 12.0 Description: The issue exists due to insufficient protection of the web page structure, allowing a remote attacker to exploit it and potentially disclose credentials within a trusted session...
CVE-2024-33007
CVE-2024-33007 affects SAPUI5 PDFViewer, a control that renders PDF content embedded by default. The underlying issue is execution of embedded JavaScript in PDFs by PDFViewer, which can trigger security threats. Affected component/file: PDFViewer within SAPUI5; root cause is server/client-side sc...
SAP PDFViewer Security Vulnerability
SAP PDFViewer is a PDF viewer from the United States company SAP. A security vulnerability exists in SAP PDFViewer that stems from the fact that if a PDF document contains embedded JavaScript, PDFViewer will execute the embedded JavaScript in the PDF, which could lead to a potential security threat. No...
PT-2024-25052 · SAP · SAPUI5
Name of the Vulnerable Software and Affected Versions: SAPUI5 affected versions not specified Description: The issue concerns the execution of embedded JavaScript in PDF documents by the PDFViewer control in SAPUI5. If a PDF contains harmful client-side scripts, including JavaScript, the PDFViewe...
QuickJS Security Vulnerability
QuickJS is a small and embeddable Javascript engine. A security vulnerability exists in QuickJS that stems from an assertion failure...
CVE-2024-33883
The ejs aka Embedded JavaScript templates package before 3.1.10 for Node.js lacks certain pollution protection...