24 matches found

OSV
added 2026/03/18 12:28 p.m. (3 views)

MAL-2026-1624 Malicious code in @inter-ikea-gallery/integration (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41711fef02809de5ee632f210cfe1102fe06ee4273743b408ec9ae92d7cb9277 The package @inter-ikea-gallery/integration was found to contain malicious code...

5.8 AI score
Exploits: 0

OSSF Malicious Packages
added 2026/03/18 12:28 p.m. (15 views)

Malicious code in @inter-ikea-gallery/integration (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41711fef02809de5ee632f210cfe1102fe06ee4273743b408ec9ae92d7cb9277 The package @inter-ikea-gallery/integration was found to contain malicious code...

5.8 AI score
Exploits: 0

Snyk
added 2026/02/04 6:2 p.m. (1 view)

Regular Expression Denial of Service (ReDoS)

Overview: apollo-server is a Production ready GraphQL Server. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the startStandaloneServer function. An attacker can cause the server to become unresponsive by sending specially crafted request bodies wi...

8.7 CVSS, 5.6 AI score, 0.00023 EPSS
Exploits: 0, References: 2

Snyk
added 2026/02/04 6:2 p.m. (2 views)

Regular Expression Denial of Service (ReDoS)

Overview: @apollo/server is a spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. Successor to apollo-server-core, et al. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the startStandaloneServer...

8.7 CVSS, 5.6 AI score, 0.00023 EPSS
Exploits: 0, References: 2

OSV
added 2025/12/18 11:40 a.m. (2 views)

BIT-KIBANA-2025-37732 Kibana Cross-site Scripting via the Integration Package Upload Functionality

Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 CVE-2025-25018 bypassing that fix to achieve HT...

5.4 CVSS, 6.7 AI score, 0.00024 EPSS
Exploits: 0, References: 2

OSV
added 2025/12/18 11:37 a.m. (2 views)

BIT-ELK-2025-37732 Kibana Cross-site Scripting via the Integration Package Upload Functionality

Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 CVE-2025-25018 bypassing that fix to achieve HT...

5.4 CVSS, 6.7 AI score, 0.00024 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/12/17 12:0 a.m. (2 views)

Kibana 7.0.x < 8.19.8 / 9.0.x < 9.1.8 / 9.2.x < 9.2.2 XSS (ESA-2025-28)

The version of Kibana running on the remote host is prior to 7.0 prior to 8.19.8, 9.0 prior to 9.1.8 and 9.2 prior to 9.2.2. It is, therefore, affected by a cross-site scripting vulnerability as referenced in the ESA-2025-28 advisory. - Improper neutralization of input during web page generation...

5.4 CVSS, 7.7 AI score, 0.00024 EPSS
Exploits: 0, References: 2

OSV
added 2025/12/15 11:15 a.m. (3 views)

CVE-2025-37732

Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 CVE-2025-25018 bypassing that fix to achieve HT...

5.4 CVSS, 6.7 AI score
Exploits: 0, References: 1

NVD
added 2025/12/15 11:15 a.m. (4 views)

CVE-2025-37732

Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 CVE-2025-25018 bypassing that fix to achieve HT...

5.4 CVSS, 0.00024 EPSS
Exploits: 0, References: 1

EUVD
added 2025/12/15 10:21 a.m. (3 views)

EUVD-2025-203357

Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 CVE-2025-25018 bypassing that fix to achieve HT...

8.7 CVSS, 6.2 AI score, 0.00028 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2025/12/15 10:21 a.m. (1 view)

CVE-2025-37732 Kibana Cross-site Scripting via the Integration Package Upload Functionality

Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 CVE-2025-25018 bypassing that fix to achieve HT...

5.4 CVSS, 6.3 AI score, 0.00024 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/12/15 10:21 a.m. (26 views)

CVE-2025-37732 Kibana Cross-site Scripting via the Integration Package Upload Functionality

Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 CVE-2025-25018 bypassing that fix to achieve HT...

5.4 CVSS, 0.00024 EPSS
Exploits: 0, References: 1

CVE
added 2025/12/15 10:21 a.m. (9 views)

CVE-2025-37732

CVE-2025-37732 is a Kibana Cross-site Scripting (XSS) vulnerability via the Integration Package Upload Functionality. The root cause is improper neutralization of input during web page generation (CWE-79). An authenticated user can cause HTML tags to be rendered in a user’s browser, leading to HT...

5.4 CVSS, 8 AI score, 0.00024 EPSS
Exploits: 0, References: 1, Affected Software: 1

Snyk
added 2025/12/15 10:21 a.m. (1 view)

Cross-site Scripting (XSS)

Overview: kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the integration package upload functionality. An attacker can execute arbitrary HTML or script code i...

5.4 CVSS, 5.5 AI score, 0.00024 EPSS
Exploits: 0, References: 2

Elastic
added 2025/12/15 10:15 a.m. (9 views)

Kibana 8.19.8, 9.1.8, and 9.2.2 Security Update (ESA-2025-28)

Kibana Cross-site Scripting via the Integration Package Upload Functionality ESA-2025-28 Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render an HTML page within a user’s browser via the integration package upload...

8.7 CVSS, 6.5 AI score, 0.00028 EPSS
Exploits: 0

NVD
added 2019/10/30 10:15 p.m. (6 views)

CVE-2019-18632

European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate...

9.8 CVSS, 9.4 AI score, 0.00196 EPSS
Exploits: 1, References: 1

OSV
added 2019/10/30 10:15 p.m. (10 views)

CVE-2019-18632

European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate...

9.8 CVSS, 6.8 AI score
Exploits: 0, References: 1

NVD
added 2019/10/30 10:15 p.m. (6 views)

CVE-2019-18633

European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected...

9.8 CVSS, 9.4 AI score, 0.00196 EPSS
Exploits: 1, References: 1

OSV
added 2019/10/30 10:15 p.m. (9 views)

CVE-2019-18633

European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected...

9.8 CVSS, 6.8 AI score
Exploits: 0, References: 1

Prion
added 2019/10/30 10:15 p.m. (4 views)

Code injection

European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate...

7.5 CVSS, 9.3 AI score, 0.00196 EPSS
Exploits: 1, References: 1, Affected Software: 1