CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

CVE-2026-53929 NocoDB: Stored Cross-Site Scripting via Secure Attachment

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, with NCSECUREATTACHMENTS=true, an authenticated uploader could deliver .html or .svg attachments that the browser rendered inline from the NocoDB origin instead of forcing a download. The signed attachment handler stor...

5.1CVSS0.00288EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2010-2806

Malware in sbrugna...

3.5CVSS6.4AI score0.00905EPSS

Exploits0References6

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-2935

Malicious code in bioql PyPI...

5.3CVSS4.7AI score0.01068EPSS

Exploits0References4

Github Security Blog•added 2022/05/24 5:11 p.m.•16 views

Moodle Email media URL tokens were not checking for user status

A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline atachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token...

5.3CVSS7AI score0.01068EPSS

Exploits0References4Affected Software1

OSV•added 2022/05/24 5:11 p.m.•13 views

GHSA-774Q-WFCP-VC2Q Moodle Email media URL tokens were not checking for user status

5.3CVSS5AI score0.01068EPSS

Exploits0References4

OSV•added 2020/03/18 1:15 p.m.•26 views

CVE-2019-14883

5.3CVSS6.6AI score0.01068EPSS

Exploits0References2

UbuntuCve•added 2020/03/18 1:15 p.m.•18 views

CVE-2019-14883

5.3CVSS5.8AI score0.01068EPSS

Exploits0References3

Microsoft KB•added 2019/01/08 8:0 a.m.•62 views

Description of the security update for Outlook 2016: January 8, 2019

Description of the security update for Outlook 2016: January 8, 2019 Summary This security update resolves an information disclosure vulnerability that exists when Microsoft Outlook improperly handles certain types of messages. To learn more about the information disclosure vulnerability, see...

6.5CVSS6.6AI score0.06783EPSS

Exploits0

NVD•added 2015/01/09 6:59 p.m.•19 views

CVE-2014-9271

Cross-site scripting XSS vulnerability in filedownload.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename...

5.4CVSS5.1AI score0.01522EPSS

Exploits1References7

UbuntuCve•added 2015/01/09 6:59 p.m.•23 views

CVE-2014-9271

5.4CVSS6.2AI score0.01522EPSS

Exploits1References5

Prion•added 2015/01/09 6:59 p.m.•17 views

Cross site scripting

4.3CVSS5.6AI score0.01522EPSS

Exploits1References7Affected Software2

Cvelist•added 2015/01/09 6:0 p.m.•27 views

CVE-2014-9271

5.1AI score0.01522EPSS

Exploits1References7

Prion•added 2010/09/07 5:0 p.m.•14 views

Cross site scripting

Cross-site scripting XSS vulnerability in MantisBT before 1.2.2 allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a .gif filename extension, related to inline attachments...

3.5CVSS5.7AI score0.00905EPSS

Exploits0References5Affected Software1

Cvelist•added 2010/09/07 4:30 p.m.•27 views

CVE-2010-2802

5.8AI score0.00905EPSS

Exploits0References5

OSV•added 2006/03/07 11:2 a.m.•1 views

DEBIAN-CVE-2006-1045

The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP...

2.6CVSS6.5AI score0.0486EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by