
10 matches found

Positive Technologies
added 2026/02/25 12:0 a.m. · 3 views

PT-2026-21840

Repostat is a React component to fetch and display GitHub repository info. Prior to version 1.0.1, the RepoCard component is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability occurs because the component uses React's dangerouslySetInnerHTML to render the repository name repo pro...

CVSS 6.1 · AI score 5.8 · EPSS 0.00052
Exploits 1 · References 3
OSV
added 2025/12/30 1:49 a.m. · 2 views

GO-2025-4263 Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

Gitea allows XSS because the search input box for creating tags and branches is v-html instead of v-text in code.gitea.io/gitea...

CVSS 5.4 · AI score 6 · EPSS 0.00008
Exploits 0 · References 5
EUVD
added 2025/12/26 2:50 a.m. · 3 views

EUVD-2025-205413

Gitea before 1.22.2 allows XSS because the search input box for creating tags and branches is v-html instead of v-text...

CVSS 5.4 · AI score 5.8 · EPSS 0.00008
Exploits 0 · References 5
Snyk
added 2025/11/07 3:25 p.m. · 1 views

Cross-site Scripting (XSS)

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the replaceCommandWithText function, by allowing user-controlled HTML from a prompt body to be passed to tempDiv.innerHTML without proper sanitization. An attacker can execute...

CVSS 8.7 · AI score 6.2 · EPSS 0.00011
Exploits 2 · References 2
CNNVD
added 2025/03/20 12:0 a.m. · 1 views

LoLLMs Cross-Site Scripting Vulnerability

LoLLMs is a large language and multimodal system by the individual developer Saifeddine ALOUI. A cross-site scripting vulnerability exists in LoLLMs version 9.8, which stems from improper use of the v-html directive on the Settings page and could lead to a cross-site scripting attack...

CVSS 5.5 · AI score 5.2 · EPSS 0.00156
Exploits 1 · References 1
ATTACKERKB
added 2025/01/27 2:15 p.m. · 2 views

CVE-2022-4975

A flaw was found in the Red Hat Advanced Cluster Security (RHACS) portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/ endpoints, the front-end generates a DOM table-element id="pdf-table". This information is then populated with unsanitized data usi...

CVSS 8.9 · AI score 7.1 · EPSS 0.00227
Exploits 0 · References 3
Positive Technologies
added 2024/05/07 12:0 a.m. · 4 views

PT-2024-4374 · Google +5 · Google Chrome +5

Name of the Vulnerable Software and Affected Versions:
Google Chrome versions prior to 124.0.6367.155
Microsoft Edge affected versions not specified
Description: The issue is related to a heap buffer overflow in the WebAudio component, which can be exploited by a remote attacker to potentially...

CVSS 10 · AI score 7.6 · EPSS 0.93301
Exploits 132 · References 1137
Positive Technologies
added 2024/04/04 12:0 a.m. · 4 views

PT-2024-22797

Name of the Vulnerable Software and Affected Versions:
gotortc versions 1.8.5 and prior
Description: gotortc is a camera streaming application. The index page (index.html) shows available streams by fetching the API on the client side, using Object.entries to iterate over the result, and appending...

CVSS 6.1 · AI score 5.2 · EPSS 0.00149
Exploits 1 · References 9
SUSE CVE
added 2023/02/15 4:59 a.m. · 4 views

SUSE CVE-2016-6186

Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors...

CVSS 6.1 · AI score 6 · EPSS 0.16367
Exploits 6 · References 3
OSV
added 2018/12/19 7:29 p.m. · 2 views

CVE-2018-19596

Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the report section, a related issue to CVE-2018-19506...

CVSS 4.8 · AI score 5.8 · EPSS 0.00235
Exploits 0 · References 1