417 matches found

Huntr
added 2022/06/11 9:14 a.m. | 29 views

Unrestricted File Upload in Part Attachment

Description The application inventree allows users to upload any file in part attachment allowing attacker to render files such as HTML in the browser. Proof of Concept Video PoC Link: https://drive.google.com/file/d/1vurBkHegeYCwbXopE5Yhyb702rYgG9FM/view?usp=sharing...

6.5 CVSS | 1.9 AI score | 0.02205 EPSS
Exploits 2 | References 1

OSV
added 2022/05/24 7:5 p.m. | 29 views

GHSA-QF2G-MRRX-RR5P Drupal Core Cross-site scripting vulnerability

Cross-site scripting vulnerability in Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to 9.0.6...

6.1 CVSS | 6 AI score | 0.00662 EPSS
Exploits 0 | References 3

Github Security Blog
added 2022/05/17 5:19 a.m. | 10 views

phpMyAdmin Vulnerable to Cross-Site Scripting

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to 1 libraries/tbllinks.inc.php and...

4.3 CVSS | 5.7 AI score | 0.01268 EPSS
Exploits 0 | References 8 | Affected Software 1

OSV
added 2022/05/17 5:19 a.m. | 4 views

GHSA-4Q58-5X28-53WV phpMyAdmin Vulnerable to Cross-Site Scripting

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to 1 libraries/tbllinks.inc.php and...

5.3 CVSS | 6.1 AI score | 0.01268 EPSS
Exploits 0 | References 8

Prion
added 2022/04/05 6:15 p.m. | 15 views

Code injection

In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered...

3.5 CVSS | 5.6 AI score | 0.01297 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2022/04/05 5:55 p.m. | 22 views

CVE-2022-28648

In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered...

5.7 CVSS | 6 AI score | 0.01297 EPSS
Exploits 0 | References 1

Microsoft KB
added 2022/03/22 12:0 a.m. | 3 views

March 22, 2022—KB5011558 (OS Build 20348.617) Preview

March 22, 2022—KB5011558 OS Build 20348.617 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find ou...

6.7 AI score
Exploits 0

OSV
added 2022/02/12 12:0 a.m. | 25 views

GHSA-M6Q5-WV4X-FV6H Cross-site Scripting in Drupal Core

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

6.1 CVSS | 6.5 AI score | 0.00671 EPSS
Exploits 0 | References 8

Github Security Blog
added 2022/02/12 12:0 a.m. | 28 views

Cross-site Scripting in Drupal Core

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

6.1 CVSS | 3 AI score | 0.00671 EPSS
Exploits 0 | References 8 | Affected Software 2

OSV
added 2022/02/11 4:15 p.m. | 26 views

CVE-2020-13668

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

6.1 CVSS | 6.1 AI score
Exploits 0 | References 1

Prion
added 2022/02/11 4:15 p.m. | 16 views

Security feature bypass

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

4.3 CVSS | 6.2 AI score | 0.00671 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV
added 2022/02/11 4:15 p.m. | 3 views

UBUNTU-CVE-2020-13668

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

6.1 CVSS | 5.8 AI score | 0.00671 EPSS
Exploits 0 | References 3

OSV
added 2022/01/18 11:15 p.m. | 2 views

DEBIAN-CVE-2022-21690

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions The path parameter of the requested URL is not sanitized before being passed to the QT frontend. This path is used in all componen...

5.4 CVSS | 6.5 AI score | 0.00789 EPSS
Exploits 1 | References 1

PyPA
added 2022/01/18 11:15 p.m. | 5 views

PYSEC-2022-41

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions The path parameter of the requested URL is not sanitized before being passed to the QT frontend. This path is used in all componen...

8.7 CVSS | 6.8 AI score | 0.00789 EPSS
Exploits 1 | References 2 | Affected Software 1

OSV
added 2022/01/18 11:15 p.m. | 0 views

UBUNTU-CVE-2022-21690

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions The path parameter of the requested URL is not sanitized before being passed to the QT frontend. This path is used in all componen...

8.7 CVSS | 6.7 AI score | 0.00789 EPSS
Exploits 1 | References 4

Huntr
added 2022/01/03 7:55 a.m. | 23 views

Exposure of Sensitive Information to an Unauthorized Actor in hoppscotch/hoppscotch

Description Steal authorization token via xss and hijack attack Proof of Concept Using this attack , attacker can hijack account by stealing authorization header . I see there is team based collaboration exists ,so one user can hack other user account using this bug . STEP -------- First host...

6 CVSS | 0.3 AI score | 0.01199 EPSS
Exploits 1

NVD
added 2021/12/14 11:15 p.m. | 14 views

CVE-2021-43827

discourse-footnote is a library providing footnotes for posts in Discourse. Impact When posting an inline footnote wrapped in tags e.g. ^footnote, the resulting rendered HTML would include a nested , which is stripped by Nokogiri because it is not valid. This then caused a javascript error on top...

4.3 CVSS | 0.00803 EPSS
Exploits 0 | References 2

NVD
added 2021/11/03 6:15 p.m. | 12 views

CVE-2021-41134

nbdime provides tools for diffing and merging of Jupyter Notebooks. In affected versions a stored cross-site scripting XSS issue exists within the Jupyter-owned nbdime project. It appears that when reading the file name and path from disk, the extension does not sanitize the string it constructs...

8.7 CVSS | 0.0068 EPSS
Exploits 0 | References 2

NVD
added 2021/06/11 3:15 p.m. | 23 views

CVE-2020-13688

Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to 9.0....

6.1 CVSS | 0.00662 EPSS
Exploits 0 | References 1

OSV
added 2021/06/11 3:15 p.m. | 23 views

CVE-2020-13688

Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to 9.0....

6.1 CVSS | 6.1 AI score
Exploits 0 | References 1