18 matches found
CVE-2020-7673
node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of the extend(A, B, as, isA, args) function located within lib/extend.js is executed by the eval function, resulting in code execution...
CVE-2020-7672
mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code execution...
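Both entries above describe the same pattern: a value the caller controls is spliced into a string that eval executes. The following added example is not node-extend's or mosc's code; it is a hypothetical property-lookup helper written for this page that shows the pattern next to a version that treats the input as data. The helper names, the identifier regex and the sample payload are assumptions for the illustration.

```javascript
// Added illustration (not node-extend's or mosc's own code): a caller-supplied
// property name that reaches eval(), next to a lookup that never builds code.

// Vulnerable pattern (hypothetical helper): the name is concatenated into
// source text and evaluated. A "name" such as
//   "a; globalThis.pwned = 'EVAL_RAN'; obj.a"
// is no longer a field reference but a program that runs with the caller's
// privileges. Direct eval also sees the local `obj`, which the payload reuses.
function getPropertyUnsafe(obj, name) {
  return eval("obj." + name);
}

// Hardened version: the input is data, never code. Accept only a plain
// identifier, require an own property (so constructor/__proto__ and other
// prototype-chain names are not reachable) and use ordinary property access.
const IDENT = /^[A-Za-z_$][A-Za-z0-9_$]*$/;
function getPropertySafe(obj, name) {
  if (typeof name !== "string" || !IDENT.test(name)) {
    throw new TypeError(`invalid property name: ${JSON.stringify(name)}`);
  }
  if (!Object.prototype.hasOwnProperty.call(obj, name)) return undefined;
  return obj[name];
}

// Constructed payload for the demonstration: reads obj.a as the final
// expression so the call looks successful while the side effect has run.
const EVAL_PAYLOAD = "a; globalThis.pwned = 'EVAL_RAN'; obj.a";

// Runs both helpers on the same input and reports what happened.
function demonstrate() {
  delete globalThis.pwned;
  const unsafeResult = getPropertyUnsafe({ a: 1 }, EVAL_PAYLOAD);
  let safeRejected = false;
  try {
    getPropertySafe({ a: 1 }, EVAL_PAYLOAD);
  } catch (e) {
    safeRejected = e instanceof TypeError;
  }
  return {
    unsafeResult,                 // 1: the lookup "worked"
    sideEffect: globalThis.pwned, // "EVAL_RAN": arbitrary code also ran
    safeRejected,                 // true: the hardened helper refused the input
    safeLookup: getPropertySafe({ a: 1 }, "a"),
  };
}
```

The point of the hardened version is not the regex on its own but that there is no code path from input to eval, new Function or similar constructors; the allowlist only narrows what can be looked up once that path is gone.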
EUVD-2021-1043
Malware in sbrugna...
EUVD-2022-51295
Malicious code in bioql PyPI...
EUVD-2023-1996
Malicious code in bioql PyPI...
EUVD-2024-34627
Malicious code in bioql PyPI...
GHSA-3GCM-F6QX-FF7P Flowise has Remote Code Execution vulnerability
Description Cause of the Vulnerability The CustomMCP node allows users to input configuration settings for connecting to an external MCP (Model Context Protocol) server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it...
CVE-2021-3988
A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...
CVE-2025-32379 XSS at ctx.redirect() function in Koajs
Koa is expressive middleware for Node.js using ES2017 async functions. In koa before 2.16.1 and before 3.0.0-alpha.5, passing untrusted user input to ctx.redirect, even after sanitizing it, may execute JavaScript code on the user who uses the app. This issue is patched in 2.16.1 and 3.0.0-alpha.5...
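The phrase "even after sanitizing it" is the practitioner's takeaway: HTML-escaping is the wrong defence when the value lands in a URL context. The added example below is not Koa's source and does not reproduce its fix; it is a simplified redirect helper written for this page that shows an escape-only body beside a scheme-validated one. The helper names, the response shape and the base origin are assumptions.

```javascript
// Added illustration (not Koa's code): why HTML-escaping a redirect target
// does not make it safe to reflect into an HTML body, and one hardening.

function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Still exploitable pattern: the target is HTML-escaped and then placed in an
// href attribute. Escaping stops tag injection, but the attribute context
// honours URL schemes, so "javascript:alert(document.cookie)" contains no
// escapable character and survives intact. Clicking the fallback link runs it.
function redirectBodyEscapedOnly(target) {
  const url = escapeHtml(target);
  return `Redirecting to <a href="${url}">${url}</a>.`;
}

// Hardened helper (assumed design): parse the target as a URL, allow only
// http(s), and never render it as a clickable link. `base` stands in for the
// application's own origin so relative paths resolve.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
function safeRedirect(target, base = "https://app.example") {
  let parsed;
  try {
    parsed = new URL(String(target), base);
  } catch {
    throw new Error("redirect target is not a valid URL");
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    throw new Error(`refusing redirect to scheme ${parsed.protocol}`);
  }
  return {
    status: 302,
    headers: { Location: parsed.href },
    body: `Redirecting to ${escapeHtml(parsed.href)}.`,
  };
}

// Convenience wrapper that reports whether the hardened helper rejected a target.
function redirectRejected(target) {
  try {
    safeRedirect(target);
    return false;
  } catch {
    return true;
  }
}
```

Scheme validation addresses the script-execution problem only. Whether the destination host should be allowed at all (the open-redirect question) is a separate check against the application's own origin or an allowlist, and the helper above does not make that decision.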
CVE-2024-56363 APTRS has SSTI vulnerability
APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. In 1.0, there is a vulnerability in the web application's handling of user-supplied input that is incorporated into a Jinja2...
PT-2024-36640 · Unknown · Ritesh Sanap Advanced
Name of the Vulnerable Software and Affected Versions: Ritesh Sanap Advanced What should we write next about versions 1.0.0 through 1.0.3 Description: The issue is related to an SQL Injection vulnerability, which occurs due to improper neutralization of special elements used in an SQL command. Th...
PT-2024-28580 · Unknown · Registrationmagic
Name of the Vulnerable Software and Affected Versions: RegistrationMagic versions prior to 6.0.0.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). Specifically, it is a Stored XSS vulnerability in the...
CVE-2023-52535
In vsp driver, there is a possible missing verification of incorrect input. This could lead to local denial of service with no additional execution privileges needed...
Juplink Intelligent Technologies RX4-1500 Injection Vulnerability
The Juplink Intelligent Technologies RX4-1500 is a wireless router from Juplink Intelligent Technologies. A security vulnerability exists in the Juplink Intelligent Technologies RX4-1500 v1.0.3, which originates from the program failing to clean user input before executing it. A remote attacker...
Liffy - Local File Inclusion Exploitation Tool
LFI Exploitation tool A little python tool to perform Local file inclusion. Liffy v2.0 is the improved version of liffy which was originally created by rotlogix/liffy. The latter is no longer available and the former hasn't seen any development for a long time. Main feature data:// for code...
CVE-2017-8799
Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users (potentially anonymous) to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved vi...
ColdFusion SQL Error Pages XSS
NOTE ABOUT COLDFUSION XSS ATTACKS. Vendor: Macromedia. Versions: MX 6.0 (tested), older? PROBLEM: When you access a SQL error page you can insert XSS code, which is shown in the error output of the SQL backend. Example: http://target/article.cfm?id=1'<script>alert(document.cookie);</script>...