CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

884 matches found

Cvelist•added 2025/10/30 12:0 a.m.•7 views

CVE-2025-52180

Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfrfeditorHTML.jsp?pHtmlSource endpoint...

0.00209EPSS

Exploits0References2

Vulnrichment•added 2025/10/30 12:0 a.m.•3 views

CVE-2025-52180

6AI score0.00209EPSS

Exploits0References2

CVE•added 2025/10/30 12:0 a.m.•12 views

CVE-2025-52180

Summary: CVE-2025-52180 is a cross-site scripting (XSS) flaw in Zucchetti Ad Hoc Infinity 4.2 and earlier. The issue arises from an unvalidated pHtmlSource parameter at the endpoint /ahi/jsp/gsfr_feditorHTML.jsp?pHtmlSource, enabling remote, unauthenticated attackers to inject arbitrary JavaScrip...

6.1CVSS6AI score0.00209EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2025/10/17 3:52 p.m.•9 views

CVE-2025-9559

Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by a Insecure Direct Object Reference issue in a user interface component that can only be used to read data...

6.5CVSS6.8AI score0.00367EPSS

Exploits1References1

Cvelist•added 2025/10/16 3:28 p.m.•24 views

CVE-2025-9559 Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by a Insecure Direct Object Reference issue in a user interface component that can only be used to read data

Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by a Insecure Direct Object Reference issue in a user interface component that can only be used to read data...

6.5CVSS0.00367EPSS

Exploits1References1