CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-1990

Malicious code in bioql PyPI...

4.8CVSS6.6AI score0.00206EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-32592

Malicious code in bioql PyPI...

4.6CVSS6.6AI score0.00289EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 10:17 a.m.•3 views

CVE-2024-4026

Cross-Site Scripting XSS vulnerability in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within all editable parameters within the 'General' and 'Team ID' functionalities, which could result in a session takeover...

4.6CVSS5.8AI score0.00289EPSS

Exploits0

RedhatCVE•added 2025/02/08 2:25 p.m.•4 views

CVE-2025-1076

A Stored Cross-Site Scripting Stored XSS vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality...

4.8CVSS5.9AI score0.00206EPSS

Exploits0References3

NVD•added 2025/02/06 2:15 p.m.•14 views

CVE-2025-1076

4.8CVSS0.00206EPSS

Exploits0References1

Cvelist•added 2025/02/06 1:33 p.m.•13 views

CVE-2025-1076 Stored Cross-Site Scripting vulnerability in Holded

4.8CVSS0.00206EPSS

Exploits0References1

Vulnrichment•added 2025/02/06 1:33 p.m.•5 views

CVE-2025-1076 Stored Cross-Site Scripting vulnerability in Holded

4.8CVSS6AI score0.00206EPSS

Exploits0References1

CVE•added 2025/02/06 1:33 p.m.•57 views

CVE-2025-1076

CVE-2025-1076 describes a Stored XSS vulnerability in Holded’s application, affecting the editable name and icon fields within the Activities feature. The root cause is storing a JavaScript payload in those parameters, enabling an attacker to inject script via standard input fields. The issue is ...

4.8CVSS4.9AI score0.00206EPSS

Exploits0References1

NVD•added 2024/04/22 12:15 p.m.•11 views

CVE-2024-4026

4.6CVSS4.5AI score0.00289EPSS

Exploits0References1

CVE•added 2024/04/22 11:51 a.m.•59 views

CVE-2024-4026

CVE-2024-4026 is an XSS vulnerability in Holded. The cited sources indicate that an attacker could store a JavaScript payload in all editable parameters within the General and Team ID functions, enabling session takeover. The issue affects Holded versions prior to 4.20.0 (per CNNVD). Root cause d...

4.6CVSS5.7AI score0.00289EPSS

Exploits0References1

Cvelist•added 2024/04/22 11:51 a.m.•16 views

CVE-2024-4026 Cross-Site Scripting in the Holded application

4.6CVSS4.7AI score0.00289EPSS

Exploits0References1

Vulnrichment•added 2024/04/22 11:51 a.m.•15 views

CVE-2024-4026 Cross-Site Scripting in the Holded application

4.6CVSS5.7AI score0.00289EPSS

Exploits0References1

CNNVD•added 2024/04/22 12:0 a.m.•3 views

Holded 跨站脚本漏洞

Holded is a business management software from Holded. A cross-site scripting vulnerability exists in Holded versions prior to 4.20.0 that stems from allowing an attacker to store a JavaScript payload in all editable parameters in the Genera, Team ID functions, which could lead to a session takeov...

4.6CVSS6AI score0.00289EPSS

Exploits0References2

Patchstack•added 2022/02/28 12:0 a.m.•8 views

WordPress Import Holded for WooCommerce or Easy Digital Downloads plugin <= 1.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Import Holded for WooCommerce or Easy Digital Downloads plugin versions = 1.4. Solution Update the WordPress Import Holded for WooCommerce or Easy Digital Downloads plugin to the latest available versi...

3.8AI score

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by