CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

RedhatCVE•added 2026/04/29 1:44 a.m.•3 views

CVE-2026-38949

Cross-Site Scripting XSS vulnerability exists in HTMLy version 3.1.1 in the content creation functionality at the /add/content?type=image endpoint. The application fails to properly sanitize user input, allowing injection of arbitrary code...

8.9CVSS5.4AI score0.00016EPSS

Exploits0References1

Vulnrichment•added 2026/04/28 12:0 a.m.•1 views

CVE-2026-38949

5.5AI score0.00016EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-16506

Malware in sbrugna...

6.5CVSS6.5AI score0.01479EPSS

Exploits1References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-34674

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00193EPSS

Exploits0References1

RedhatCVE•added 2025/10/03 12:45 a.m.•7 views

CVE-2025-56154

htmly v3.0.8 is vulnerable to Cross Site Scripting XSS in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to inject arbitrary JavaScript payloads...

6.1CVSS6.1AI score0.00024EPSS

Exploits0References1

Vulnrichment•added 2025/09/21 12:2 a.m.•3 views

CVE-2025-10758 htmly Custom Field post cross site scripting

A security vulnerability has been detected in htmly up to 3.1.0. The impacted element is an unknown function of the file /htmly/admin/field/post of the component Custom Field Handler. Such manipulation of the argument label leads to cross site scripting. The attack can be launched remotely. The...

4.8CVSS5.2AI score0.00036EPSS

Exploits1References4

RedhatCVE•added 2025/05/22 9:12 p.m.•4 views

CVE-2021-36703

The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting XSS vulnerability. It allows remote attackers to send an authenticated post HTTP request to admin/config and inject arbitrary web script or HTML through a special website...

6.1CVSS5.6AI score0.00222EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 6:31 p.m.•4 views

CVE-2021-30637

htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php...

5.4CVSS5.5AI score0.00148EPSS

Exploits4References1

RedhatCVE•added 2025/05/22 4:31 p.m.•5 views

CVE-2020-23766

An arbitrary file deletion vulnerability was discovered on htmly v2.7.5 which allows remote attackers to use any absolute path to delete any file in the server should they gain Administrator privileges...

6.5CVSS7.3AI score0.01479EPSS

Exploits1

0day.today•added 2024/04/12 12:0 a.m.•291 views

HTMLy Version v2.9.6 - Stored XSS Vulnerability

Exploit Title: HTMLy Version v2.9.6 - Stored XSS Exploit Author: tmrswrr Vendor Homepage: https://www.htmly.com/ Version 3.10.8.21 Date : 04/08/2024 1 Login admin https://127.0.0.1/HTMLy/admin/config 2 General Setting Blog title " 3 After save it you will be see XSS alert...

7.4AI score

Exploits0

ATTACKERKB•added 2022/03/01 2:15 a.m.•2 views

CVE-2022-25022

A cross-site scripting XSS vulnerability in Htmly v2.8.1 allows attackers to excute arbitrary web scripts HTML via a crafted payload in the content field of a blog post...

5.4CVSS5.8AI score0.00688EPSS

Exploits1References6

Cvelist•added 2021/08/03 6:2 p.m.•22 views

CVE-2021-36701

In htmly version 2.8.1, is vulnerable to an Arbitrary File Deletion on the local host when delete backup files. The vulnerability may allow a remote attacker to delete arbitrary know files on the host...

9.2AI score0.00872EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by