
12 matches found

NVD
added 2025/11/13 3:16 a.m., 7 views

CVE-2025-64711

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on...

CVSS 5.4, EPSS 0.00013
Exploits 1, References 2
Tenable Nessus
added 2025/11/13 12:0 a.m., 3 views

FreeBSD : privatebin XSS (6e1105d8-bfc2-11f0-bb2b-ecf4bbefc954)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6e1105d8-bfc2-11f0-bb2b-ecf4bbefc954 advisory. privatebin reports: Dragging a file whose filename contains HTML is reflected verbatim into the page vi...

CVSS 5.8, AI score 6, EPSS 0.00028
Exploits 0, References 3
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-31566

Malicious code in bioql PyPI...

CVSS 5.1, AI score 6.5, EPSS 0.00026
Exploits 0, References 2
Debian CVE
added 2025/09/29 9:26 a.m., 4 views

CVE-2025-11147

Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows malicious scripts (XSS) to be executed in “/html/.html”...

CVSS 5.4, AI score 4.8, EPSS 0.00026
Exploits 0
Cvelist
added 2025/09/29 9:26 a.m., 4 views

CVE-2025-11147 Reflected Cross-site scripting (XSS) vulnerability in Apt-Cacher-NG

Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows malicious scripts (XSS) to be executed in “/html/.html”...

CVSS 5.1, EPSS 0.00026
Exploits 0, References 1
Tenable Nessus
added 2025/08/08 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2022-45415

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that...

CVSS 7.8, AI score 7.9, EPSS 0.00113
Exploits 0, References 2
Prion
added 2020/11/27 1:15 a.m., 11 views

Cross site scripting

jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter...

CVSS 4.3, AI score 5.9, EPSS 0.00768
Exploits 0, References 1, Affected Software 1
NVD
added 2018/06/01 5:29 p.m., 8 views

CVE-2018-3743

Open redirect in hekto <=0.2.3 when target domain name is used as html filename on server...

CVSS 6.1, AI score 6.3, EPSS 0.00163
Exploits 1, References 1
Cvelist
added 2018/06/01 5:0 p.m., 13 views

CVE-2018-3743

Open redirect in hekto <=0.2.3 when target domain name is used as html filename on server...

AI score 6.2, EPSS 0.00163
Exploits 1, References 1
Positive Technologies
added 2018/06/01 12:0 a.m., 2 views

PT-2018-16165 · Hekto · Hekto

Name of the Vulnerable Software and Affected Versions: hekto versions prior to 0.2.4 Description: The issue is related to an open redirect when a domain name is used as part of the .html filename on the server. Recommendations: Update to version 0.2.4 or later...

CVSS 6.1, AI score 6, EPSS 0.00163
Exploits 1, References 7
Veracode
added 2018/05/21 2:41 a.m., 14 views

Open Redirect

hekto is vulnerable to open redirect attacks. The vulnerability exists when the html filename contains the target domain name to be redirected...

CVSS 6.1, AI score 6.1, EPSS 0.00163
Exploits 1, References 4, Affected Software 1
securityvulns
added 2002/05/03 12:0 a.m., 32 views

Directory traversal in DocBook

During conversion to HTML, identifiers are used to form a filename without a check for ../...

AI score 1.7
Exploits 0, References 1, Affected Software 1