CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

60 matches found

Gnuboard 5 - Cross-Site Scripting

Gnuboard 5 contains a cross-site scripting vulnerability via the $GET'LGDOID' parameter. id: CVE-2021-3831 info: name: Gnuboard 5 - Cross-Site Scripting author: arafatansari severity: medium description: | Gnuboard 5 contains a cross-site scripting vulnerability via the $GET'LGDOID' parameter...

7.1CVSS6.6AI score0.01812EPSS

Exploits1References3

Nuclei•added yesterday•49 views

Drawio <18.1.2 - Server-Side Request Forgery

Drawio before 18.1.2 is susceptible to server-side request forgery via the /service endpoint in jgraph/drawio. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-1815 info: nam...

7.5CVSS6.5AI score0.05704EPSS

Exploits1References5

Nuclei•added yesterday•34 views

Microweber <1.2.12 - Stored Cross-Site Scripting

Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,. id: CVE-2022-0963 info: name: Microweber 1.2.12 - Stored Cross-Site Scripting author: amit-jd severity: medium description: | Microweber prior to 1.2.12 contains a stored...

5.7CVSS6AI score0.01877EPSS

Exploits1References5

Nuclei•added yesterday•35 views

Easy!Appointments <1.4.3 - Broken Access Control

Easy!Appointments prior to 1.4.3 allows exposure of Private Personal Information to an unauthorized actor via the GitHub repository alextselegidis/easyappointments. id: CVE-2022-0482 info: name: Easy!Appointments 1.4.3 - Broken Access Control author: francescocarlucci,opencirt severity: critical...

9.1CVSS7.3AI score0.38133EPSS

Exploits7References5

Nuclei•added yesterday•18 views

Terraboard <2.2.0 - SQL Injection

Terraboard prior to 2.2.0 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-1883 info: name: Terraboard 2.2.0 - SQL Injection author:...

9.6CVSS7.4AI score0.0642EPSS

Exploits1References5

Nuclei•added yesterday•27 views

Microweber <1.2.11 - Cross-Site Scripting

Packagist prior to 1.2.11 contains a cross-site scripting vulnerability via microweber/microweber. User can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out. id: CVE-2022-0678 info: name: Microweber 1.2.11 - Cross-Site Scripting...

6.5CVSS6.5AI score0.02273EPSS

Exploits1References5

Nuclei•added yesterday•37 views

Microweber <1.3.2 - Cross-Site Scripting

Code Injection in on search.php?keywords= GitHub repository microweber/microweber prior to 1.3.2. id: CVE-2022-3242 info: name: Microweber 1.3.2 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | Code Injection in on search.php?keywords= GitHub repository microweber/microweber...

6.1CVSS5.9AI score0.01356EPSS

Exploits1References4

Nuclei•added yesterday•47 views

Kavita <0.5.4.1 - Server-Side Request Forgery

Kavita before 0.5.4.1 is susceptible to server-side request forgery in GitHub repository kareadita/kavita. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-2756 info: name:...

7.1CVSS6.8AI score0.02298EPSS

Exploits1References4

Nuclei•added yesterday•32 views

Contao <4.13.3 - Cross-Site Scripting

Contao prior to 4.13.3 contains a cross-site scripting vulnerability. It is possible to inject arbitrary JavaScript code into the canonical tag. id: CVE-2022-24899 info: name: Contao 4.13.3 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Contao prior to 4.13.3 contains...

7.2CVSS6.8AI score0.03715EPSS

Exploits0References5

Nuclei•added yesterday•24 views

Mastodon Prototype Pollution Vulnerability

The GitHub repository mastodon/mastodon prior to 3.5.0 contains a Prototype Pollution vulnerability. id: CVE-2022-0432 info: name: Mastodon Prototype Pollution Vulnerability author: pikpikcu severity: medium description: The GitHub repository mastodon/mastodon prior to 3.5.0 contains a Prototype...

7.4CVSS6.7AI score0.04465EPSS

Exploits1References5

Nuclei•added yesterday•50 views

Microweber < 1.2.11 - CRLF Injection

CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11. id: CVE-2022-0666 info: name: Microweber 1.2.11 - CRLF Injection author: ritikchaddha severity: high description: | CRLF Injection leads to Sta...

7.6CVSS7.1AI score0.44259EPSS

Exploits1References3

Nuclei•added yesterday•19 views

Microweber Cross-Site Scripting

Microweber contains a reflected cross-site scripting in Packagist microweber/microweber prior to 1.2.11. id: CVE-2022-0378 info: name: Microweber Cross-Site Scripting author: pikpikcu severity: medium description: Microweber contains a reflected cross-site scripting in Packagist...

7.1CVSS6.5AI score0.03866EPSS

Exploits1References5

Nuclei•added yesterday•32 views

Rudloff alltube prior to 3.0.1 - Open Redirect

An open redirect vulnerability exists in Rudloff/alltube that could let an attacker construct a URL within the application that causes redirection to an arbitrary external domain via Packagist in versions prior to 3.0.1. id: CVE-2022-0692 info: name: Rudloff alltube prior to 3.0.1 - Open Redirect...

6.1CVSS6AI score0.03378EPSS

Exploits1References5

Nuclei•added yesterday•28 views

WordPress Related Posts <2.1.3 - Stored Cross-Site Scripting

WordPress Related Posts plugin prior to 2.1.3 contains a cross-site scripting vulnerability in the rp4wpheadingtext parameter. User input is not properly sanitized, allowing the insertion of arbitrary code that can allow an attacker to steal cookie-based authentication credentials and launch othe...

5.5CVSS6.2AI score0.01113EPSS

Exploits1References5

Nuclei•added yesterday•33 views

Drawio <18.0.4 - Server-Side Request Forgery

Drawio prior to 18.0.4 is vulnerable to server-side request forgery. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information. id: CVE-2022-1713 info: name: Drawio 18.0.4 - Server-Side Request Forgery author: pikpikcu severity: high...

7.5CVSS7.1AI score0.08667EPSS

Exploits1References4

Nuclei•added yesterday•44 views

Gitea <1.16.5 - Open Redirect

Gitea before 1.16.5 is susceptible to open redirect via GitHub repository go-gitea/gitea. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-1058 info: name: Gitea 1.16.5 - Open Redire...

7.2CVSS6.6AI score0.53177EPSS

Exploits1References3

Nuclei•added yesterday•25 views

RevealJS postMessage <4.3.0 - Cross-Site Scripting

RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model. id: CVE-2022-0776 info: name: RevealJS postMessage 4.3.0 - Cross-Site Scripting author: LogicalHunter severity: medium description: RevealJS postMessage before 4.3.0 contains a cross-sit...

6.1CVSS6AI score0.03679EPSS

Exploits1References5

Nuclei•added yesterday•35 views

Microweber <1.2.12 - Integer Overflow

Microweber before 1.2.12 is susceptible to integer overflow. The application allows large characters to insert in the input field 'first & last name,' which can allow an attacker to cause a denial of service via a crafted HTTP request. id: CVE-2022-0968 info: name: Microweber 1.2.12 - Integer...

7.2CVSS6.7AI score0.03731EPSS

Exploits1References5

Nuclei•added yesterday•29 views

Openemr < 7.0.0.1 - Cross-Site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. id: CVE-2022-2733 info: name: Openemr 7.0.0.1 - Cross-Site Scripting author: ctflearner severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository openemr/openemr prior to...

9.6CVSS6.8AI score0.95839EPSS

Exploits1References3

Nuclei•added yesterday•30 views

Microweber < 1.2.12 - Stored Cross-Site Scripting

Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax. id: CVE-2022-0928 info: name: Microweber 1.2.12 - Stored Cross-Site Scripting author: amit-jd severity: medium description: |...

6.8CVSS6.5AI score0.02389EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by