CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

59040 matches found

RedhatCVE•added 2025/12/20 7:11 a.m.•9 views

CVE-2025-66495

A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially...

7.8CVSS7.5AI score0.00255EPSS

Exploits0References1

RedhatCVE•added 2025/12/20 7:11 a.m.•7 views

CVE-2025-66493

A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1,14.0.1 and 13.2.1 on Windows . When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced,...

7.8CVSS7.5AI score0.00255EPSS

Exploits0References1

RedhatCVE•added 2025/12/20 12:12 a.m.•20 views

CVE-2025-67843

A Server-Side Template Injection SSTI vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file...

9.8CVSS8.1AI score0.01055EPSS

Exploits1References1

EUVD•added 2025/12/19 9:30 p.m.•9 views

EUVD-2025-204598

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating web pages. Attackers can craft malicious payloads in page titles that execute arbitrary JavaScript when the page is viewed by other users...

6.4CVSS5.8AI score0.00201EPSS

Exploits1References4

Cvelist•added 2025/12/19 9:7 p.m.•27 views

CVE-2023-53953 WebsiteBaker 2.13.3 Stored Cross-Site Scripting via Page Creation

5.4CVSS0.00201EPSS

Exploits1References3

RedhatCVE•added 2025/12/19 8:18 p.m.•3 views

CVE-2023-53939

TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album folder names with script tags to execute arbitrary JavaScript when other users view the affected...

5.4CVSS6.3AI score0.00201EPSS

Exploits1References1

EUVD•added 2025/12/19 7:17 p.m.•5 views

EUVD-2025-204585

Orejime has executable code in HTML attributes...

6.3CVSS6.5AI score0.00183EPSS

Exploits0References4

OSV•added 2025/12/19 7:17 p.m.•2 views

GHSA-72MH-HGPM-6384 Orejime has executable code in HTML attributes

Impact On HTML elements handled by Orejime, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed ones i.e. data-href into href, thus executing the code. This shouldn't have any...

6.1CVSS6.9AI score0.00183EPSS

Exploits0References5

NVD•added 2025/12/19 5:15 p.m.•4 views

CVE-2025-66580

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. A critical Stored Cross-Site Scripting XSS vulnerability exists in versions prior to 0.11.1 in the Mermaid diagram rendering component. The application allows the execution of arbitrary...

9.6CVSS0.00478EPSS

Exploits1References1

NVD•added 2025/12/19 5:15 p.m.•3 views

CVE-2025-68457

Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed one...

6.1CVSS0.00183EPSS

Exploits0References3

Vulnrichment•added 2025/12/19 4:40 p.m.•2 views

CVE-2025-68457 Orejime has executable code in HTML attributes

2.3CVSS6.6AI score0.00183EPSS

Exploits0References3

CVE•added 2025/12/19 4:40 p.m.•9 views

CVE-2025-68457

CVE-2025-68457 affects Orejime prior to version 2.3.2. The issue arises when HTML elements managed by Orejime contain embedded javascript: code within data attributes. During consent related processing, Orejime converts data attributes (e.g., data-href) into unprefixed attributes (e.g., href), al...

6.1CVSS6.6AI score0.00183EPSS

Exploits0References3Affected Software1

Cvelist•added 2025/12/19 4:40 p.m.•24 views

CVE-2025-68457 Orejime has executable code in HTML attributes

2.3CVSS0.00183EPSS

Exploits0References3

OSV•added 2025/12/19 4:40 p.m.•3 views

CVE-2025-68457 Orejime has executable code in HTML attributes

2.3CVSS6.8AI score0.00183EPSS

Exploits0References5

Cvelist•added 2025/12/19 4:37 p.m.•24 views

CVE-2025-66580 Dive has Cross-Site Scripting vulnerability that can escalate to Remote Code Execution

9.6CVSS0.00478EPSS

Exploits1References1

OSV•added 2025/12/19 4:37 p.m.•5 views

CVE-2025-66580 Dive has Cross-Site Scripting vulnerability that can escalate to Remote Code Execution

9.6CVSS6AI score0.00478EPSS

Exploits1References3

EUVD•added 2025/12/19 4:37 p.m.•5 views

EUVD-2025-204564

9.6CVSS5.5AI score0.00478EPSS

Exploits1References1

RedhatCVE•added 2025/12/19 2:9 p.m.•5 views

CVE-2025-40892

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a...

8.9CVSS5.2AI score0.0021EPSS

Exploits0References1

OSV•added 2025/12/19 8:15 a.m.•2 views

CVE-2025-66500

A stored cross-site scripting XSS vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...

5.4CVSS5.9AI score0.00173EPSS

Exploits0References1

NVD•added 2025/12/19 8:15 a.m.•4 views

CVE-2025-66500

6.3CVSS0.00173EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by