CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

119 matches found

RedhatCVE•added 2026/01/16 11:31 p.m.•2 views

CVE-2026-1011

A stored cross-site scripting XSS vulnerability exists in the Altium Support Center AddComment endpoint due to missing server-side input sanitization. Although the client interface applies HTML escaping, the backend accepts and stores arbitrary HTML and JavaScript supplied via modified POST...

6.1CVSS5.7AI score0.0002EPSS

Exploits0References1

OSV•added 2025/12/15 2:15 p.m.•1 views

CVE-2025-65778

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Uploaded attachments can be served with attacker-controlled Content-Type text/html, allowing execution of attacker-supplied HTML/JS in the application's origin and enabling session/token thef...

8.1CVSS7AI score

Exploits0References4

NVD•added 2025/12/15 2:15 p.m.•1 views

CVE-2025-65778

8.1CVSS0.00035EPSS

Exploits0References4

CVE•added 2025/12/15 12:0 a.m.•8 views

CVE-2025-65778

CVE-2025-65778 affects Wekan (The Open Source Kanban Board) up to version 18.15; fixed in 18.16. Vulnerability arises when uploaded attachments are served with attacker-controlled Content-Type (text/html), permitting execution of attacker-supplied HTML/JS within the application's origin and enabl...

8.1CVSS6.7AI score0.00035EPSS

Exploits0References4Affected Software1

Cvelist•added 2025/12/15 12:0 a.m.•23 views

CVE-2025-65778

0.00035EPSS

Exploits0References4

RedhatCVE•added 2025/12/11 5:3 a.m.•1 views

CVE-2025-65229

A stored cross-site scripting XSS vulnerability exists in the web interface of Lyrion Music Server = 9.0.3. An authenticated user with access to Settings Player can save arbitrary HTML/JavaScript in the Player name field. That value is stored by the server and later rendered without proper output...

4.6CVSS5.8AI score0.00024EPSS

Exploits0References1

RedhatCVE•added 2025/11/21 4:38 p.m.•4 views

CVE-2025-62297

SOPlanning is vulnerable to Stored XSS in /projets endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening edited page. This issue was fixed in version 1.55...

5.4CVSS6AI score0.00024EPSS

Exploits0References1

EUVD•added 2025/11/20 6:31 p.m.•1 views

EUVD-2025-198306

SOPlanning is vulnerable to Stored XSS in /status endpoint. Malicious attacker with an account can inject arbitrary HTML and JS into website, which will be rendered/executed when opening multiple pages. This issue was fixed in version 1.55...

5.3CVSS5.6AI score0.00034EPSS

Exploits0References3

OSV•added 2025/11/20 4:16 p.m.•1 views

CVE-2025-62731

SOPlanning is vulnerable to Stored XSS in /feries endpoint. Malicious attacker with access to public holidays feature is able to inject arbitrary HTML and JS into website, which will be rendered/executed when opening multiple pages. By default only administrators and users with special privileges...

4.8CVSS5.9AI score0.00034EPSS

Exploits0References2

NVD•added 2025/11/20 4:15 p.m.•5 views

CVE-2025-62295

SOPlanning is vulnerable to Stored XSS in /groupeform endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...

5.4CVSS0.00024EPSS

Exploits0References2

CVE•added 2025/11/20 3:43 p.m.•10 views

CVE-2025-62729

CVE-2025-62729 affects SOPlanning with a Stored XSS in the /status endpoint. An authenticated attacker can inject arbitrary HTML/JS that is rendered for multiple pages. Root cause described in connected Red Hat/ENISA/NVD entries; fixed in version 1.55. CVSS metrics indicate MEDIUM severity (3.1: ...

5.4CVSS5.4AI score0.00024EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2025/11/20 3:43 p.m.•2 views

CVE-2025-62297 Stored XSS in SOPlanning

5.1CVSS5.4AI score0.00024EPSS

Exploits0References2

CNNVD•added 2025/11/07 12:0 a.m.•3 views

OctoPrint 安全漏洞

OctoPrint is an open source application from OctoPrint. It provides a fast web interface for controlling consumer 3D printers. A security vulnerability exists in OctoPrint 1.11.3 and prior versions that originated from allowing arbitrary HTML and JavaScript to be injected into Action Command...

4.6CVSS6.4AI score0.00018EPSS

Exploits0References3

Fedora•added 2025/11/06 2:24 a.m.•3 views

[SECURITY] Fedora 42 Update: qt5-qtwebchannel-5.15.18-1.fc42

The Qt WebChannel module provides a library for seamless integration of C++ and QML applications with HTML/JavaScript clients. Any QObject can be published to remote clients, where its public API becomes available...

7AI score

Exploits0

NVD•added 2025/10/16 7:15 p.m.•1 views

CVE-2025-62415

Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...

6.9CVSS0.00036EPSS

Exploits1References1

Packet Storm•added 2025/10/10 12:0 a.m.•191 views

📄 Perfex CRM Chatbot Cross Site Scripting

Perfex CRM's chatbot feature suffers from a persistent cross site scripting vulnerability. CVE-2025-60374 CVE-2025-60374: Stored Cross-Site Scripting XSS in Perfex CRM Chatbot ⚠️ Security Advisory A critical Stored Cross-Site Scripting vulnerability in Perfex CRM's chatbot feature --- 📋 Overview A...

6.1CVSS6.4AI score0.00017EPSS

Exploits2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-13343

Malware in sbrugna...

9.6CVSS9.1AI score0.00564EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-19128

Malware in sbrugna...

6.1CVSS6.3AI score0.00779EPSS

Exploits1References5