CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

215 matches found

EUVD•added 2026/05/14 5:38 a.m.•7 views

EUVD-2025-209832

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to inject HTML and JavaScript into email notifications sent to other users due to improper input sanitizatio...

5.4CVSS5.8AI score0.0003EPSS

Exploits0References3

Vulnrichment•added 2026/04/07 3:13 p.m.•3 views

CVE-2025-24818 An OS Command Injection vulnerability in Nokia MantaRay NM

Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application...

5.9AI score0.00125EPSS

Exploits0References1

Cvelist•added 2026/03/31 8:19 p.m.•23 views

CVE-2026-3470

A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowing a remote authenticated attacker as admin user could exploit this issue by providing crafted input that corrupts application database...

0.00052EPSS

Exploits0References1

Positive Technologies•added 2026/03/31 12:0 a.m.•3 views

PT-2026-29346

Name of the Vulnerable Software and Affected Versions SonicWall Email Security affected versions not specified Description A flaw exists in the SonicWall Email Security appliance related to insufficient input validation. This could result in data corruption, potentially allowing a remote attacker...

3.8CVSS5.9AI score0.00052EPSS

Exploits0References4

NVD•added 2026/03/23 7:16 p.m.•4 views

CVE-2025-15606

A Denial-of-Service DoS vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 due to improper input sanitization, allows crafted requests to trigger a processing error that causes the httpd service to crash. Successful exploitation may allow the attacker to cause service interruption,...

7.5CVSS0.00067EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 10:50 a.m.•6 views

CVE-2022-37063

All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross Site Scripting XSS due to improper input sanitization. An authenticated remote attacker can execute arbitrary JavaScript code in the web management interface. A successful exploit could allow the...

5.4CVSS5.1AI score0.00346EPSS

Exploits3References1

Positive Technologies•added 2026/01/05 12:0 a.m.•1 views

PT-2026-1301

Name of the Vulnerable Software and Affected Versions Waituk Entrada versions through 5.7.7 Description An improper neutralization of special elements used in an SQL command vulnerability exists in Waituk Entrada, allowing for SQL injection. This issue could potentially allow unauthorized databas...

9.3CVSS7.3AI score0.00029EPSS

Exploits0References7

RedhatCVE•added 2025/12/27 12:5 a.m.•4 views

CVE-2025-67349

A cross-site scripting XSS vulnerability was identified in FluentCMS 1.2.3. After logging in as an admin and navigating to the "Add Page" function, the application fails to properly sanitize input in the...

6.1CVSS5.9AI score0.00011EPSS

Exploits1References1

Veracode•added 2025/12/11 6:58 p.m.•3 views

Improper Input Sanitization

mdast-util-to-hast is vulnerable to Improper Input Sanitization. The vulnerability is due to the utility allowing multiple unprefixed classnames to be injected via character references in markdown, which allows an attacker to disguise malicious code elements so they appear as trusted parts of the...

6.9CVSS6.9AI score0.00086EPSS

Exploits0References4Affected Software1

CNNVD•added 2025/12/09 12:0 a.m.•1 views

WordPress plugin REHub Framework 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

6.5CVSS5.9AI score0.00009EPSS

Exploits0References1

Cvelist•added 2025/11/19 5:38 p.m.•9 views

CVE-2025-65095 Lookyloo is vulnerable due to improper user input sanitization

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to version 1.35.1, there is potential cross-site scripting on index and tree page. This issue has been patched in version 1.35.1...

9.4CVSS0.0006EPSS

Exploits0References4

CNNVD•added 2025/11/06 12:0 a.m.•1 views

WordPress plugin Gutenify 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

7.1CVSS5.8AI score0.00031EPSS

Exploits0References1

RedhatCVE•added 2025/10/28 2:38 a.m.•0 views

CVE-2025-62913

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpopal Opal Service opal-service allows Stored XSS.This issue affects Opal Service: from n/a through = 1.9.1...

6.5CVSS6AI score0.0003EPSS

Exploits0References1

Positive Technologies•added 2025/10/22 12:0 a.m.•3 views

PT-2025-43200

Name of the Vulnerable Software and Affected Versions xtemos WoodMart versions prior to 8.3.2 Description The software contains a flaw related to improper input handling during web page generation, specifically a DOM-Based Cross-site Scripting issue. This allows for the execution of malicious...

6.5CVSS6.8AI score0.0003EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-24646

Malware in sbrugna...

9.9CVSS9.2AI score0.00722EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-10763

Malware in sbrugna...

4.9CVSS5.2AI score0.0164EPSS

Exploits2References5