CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

18 matches found

Github Security Blog•added 2026/05/07 12:8 a.m.•8 views

OpenSearch vulnerable to improper authorization for Rollover Requests

Description A flaw was identified in the OpenSearch Security plugin's handling of index rollover requests. When a rollover request included an explicit target index name, the security plugin did not properly evaluate access control permissions against the target index. This could allow a user wit...

5.8AI score

Exploits0References2Affected Software1

RedhatCVE•added 2025/10/09 12:14 a.m.•6 views

CVE-2025-60298

Novel-Plus up to 5.2.4 was discovered to contain a Stored Cross-Site Scripting XSS vulnerability via the /author/updateIndexName endpoint. This vulnerability allows authenticated attackers to inject malicious JavaScript code through the indexName parameter, which gets stored in the database and...

5.4CVSS5.6AI score0.00026EPSS

Exploits1References1

NVD•added 2025/10/08 1:15 p.m.•3 views

CVE-2025-60298

5.4CVSS0.00026EPSS

Exploits1References3

OSV•added 2025/10/08 1:15 p.m.•4 views

CVE-2025-60298

5.4CVSS5.7AI score

Exploits0References3

EUVD•added 2025/10/08 12:0 a.m.•3 views

EUVD-2025-33176

5.4CVSS5.2AI score0.00026EPSS

Exploits1References4

CNNVD•added 2025/10/08 12:0 a.m.•3 views

Novel-Plus 安全漏洞

Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A security vulnerability exists in Novel-Plus versions 5.2.4 and earlier, which stems from unvalidated input of the indexName parameter and could lead to a stored cross-site scripting attack...

5.4CVSS5.9AI score0.00026EPSS

Exploits1References4

Cvelist•added 2025/10/08 12:0 a.m.•6 views

CVE-2025-60298

0.00026EPSS

Exploits1References2

Vulnrichment•added 2025/10/08 12:0 a.m.•3 views

CVE-2025-60298

5.3AI score0.00026EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2011-3148

Malware in sbrugna...

4.3CVSS6AI score0.00604EPSS

Exploits1References12

ATTACKERKB•added 2023/10/20 4:15 a.m.•2 views

CVE-2023-45471

The QAD Search Server is vulnerable to Stored Cross-Site Scripting XSS in versions up to, and including, 1.0.0.315 due to insufficient checks on indexes. This makes it possible for unauthenticated attackers to create a new index and inject a malicious web script into its name, that will execute...

5.4CVSS6.1AI score0.00308EPSS

Exploits2References2

GithubExploit•added 2023/10/14 3:20 p.m.•13 views

Exploit for Cross-site Scripting in Qad Search_Server

CVE ID: CVE-2023-45471 Vulnerability Type: Cross-Site S...

5.4CVSS5.9AI score0.00308EPSS

Exploits2

NVD•added 2020/03/19 2:15 p.m.•8 views

CVE-2019-20523

ilchCMS 2.1.23 allows XSS via the index.php/partner/index Name parameter...

6.1CVSS6AI score0.00328EPSS

Exploits1References1

RedHat Linux•added 2020/03/18 2:51 p.m.•2 views

elasticsearch: Improper permission issue when attaching a new name to an index

A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the aliases, shrink, or split endpoints are used . If the elasticsearch.yml file has xpack.security.dlsfls.enabled set to false, certain permission...

8.1CVSS5.8AI score0.01013EPSS

Exploits0References4

OSV•added 2019/01/29 12:29 a.m.•1 views

UBUNTU-CVE-2019-7152

A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::processFunctions in wasm/wasm-binary.cpp when calling wasm::WasmBinaryBuilder::getFunctionIndexName in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-op...

6.5CVSS6AI score0.00308EPSS

Exploits1References5

OSV•added 2011/08/29 5:55 p.m.•2 views

DEBIAN-CVE-2011-3181

Multiple cross-site scripting XSS vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a 1 table name, 2 column name, or 3 index name...

4.3CVSS5.7AI score0.00604EPSS

Exploits1References1