25 matches found
[SECURITY] Fedora 42 Update: evince-48.1-2.fc42
Evince is a simple multi-page document viewer. It can display and print Portable Document Format (PDF), PostScript (PS) and Encapsulated PostScript (EPS) files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...
[SECURITY] Fedora 44 Update: evince-48.1-5.fc44
Evince is a simple multi-page document viewer. It can display and print Portable Document Format (PDF), PostScript (PS) and Encapsulated PostScript (EPS) files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...
EUVD-2021-11617
Malware in sbrugna...
EUVD-2017-7399
Malware in sbrugna...
EUVD-2017-7397
Malware in sbrugna...
EUVD-2024-47762
Malicious code in bioql PyPI...
Server-Side Template Injection
solspace/craft-freeform is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to improper input handling because the submission title field in forms allows arbitrary code injection when edited by users with form editing access...
CVE-2025-52122
Summary: CVE-2025-52122 affects the Freeform CraftCMS plugin. Vulnerable versions: Freeform 5.0.0 up to (but not including) 5.10.16. Root cause: Server-side template injection (SSTI) in Freeform allows arbitrary code execution. Impact: All users with access to editing a form submission title ...
PT-2024-16248 · WordPress · The Forminator Forms
Name of the Vulnerable Software and Affected Versions: The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to, and including, 1.35.1 Description: The issue arises from a missing capability check on a function, allowing authenticated attackers...
Mautic Security Vulnerability
Mautic is an open source marketing automation software from Mautic Open Source. The software monitors and manages websites, sends emails and manages customer resources. A security vulnerability exists in Mautic version 1.0.0 and prior versions, which stems from the fact that an attacker can explo...
CVE-2024-6725
The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in all versions up to, and including, 6.11.1 due to insufficient input sanitization and output...
PT-2024-37825 · WordPress · Formidable Forms
Name of the Vulnerable Software and Affected Versions: Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress versions up to, and including, 6.11.1 Description: The issue is related to Stored Cross-Site Scripting via the html...
[SECURITY] Fedora 38 Update: atril-1.26.2-2.fc38
Mate-document-viewer is a simple document viewer. It can display and print Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS), DVI, DJVU, epub and XPS files. When supported by the document format, mate-document-viewer allows searching for text, copying text to the clipboard,...
User Meta < 2.4.3 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the Form Name, as well as Shared Field Labels, before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. As an admin - Create/edit ...
CVE-2021-24705
The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged in admin edit arbitrary forms with Cross-Site...
CVE-2017-15982
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/adminprocess.php for form editing...
SQL injection
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/adminprocess.php for form editing...
SQL injection
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/adminprocess.php for form editing...
SQL injection
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/adminprocess.php for form editing...