CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

57 matches found

Vulnrichment•added 2026/06/09 1:23 p.m.•6 views

CVE-2026-9279 Shell command injection in Logseq

Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name e.g. git, pandoc, grep, the argument string is concatenated with the command and passed to childprocess.spawn with the shell: true option, allowing shell...

8.7CVSS6.7AI score0.0027EPSS

Exploits0References2

NVD•added 2026/04/29 8:16 p.m.•2 views

CVE-2018-25309

MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary JavaScript in the browser...

7.2CVSS0.00261EPSS

Exploits1References3

Snyk•added 2026/03/30 6:8 p.m.•11 views

Cross-site Scripting (XSS)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting XSS via the plugin parameter in plugin/YPTWallet/plugins/YPTWalletStripe/confirmButton.php. An attacker can execute arbitrary JavaScript in a...

9.3CVSS5.8AI score0.00296EPSS

Exploits1References2

Vulnrichment•added 2025/10/27 12:0 a.m.•2 views

CVE-2025-54965

An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...

6.4AI score0.00164EPSS

Exploits0References2

Cvelist•added 2025/10/17 3:48 p.m.•9 views

CVE-2025-58747 Dify MCP OAuth Flow Vulnerable to XSS

Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled remote MCP server. The vulnerability exists in the OAuth flow implementation where the authorizationurl...

5.1CVSS0.05233EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2021-14196

Malware in sbrugna...

9.4CVSS6.3AI score0.00817EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2015-1408

Malware in sbrugna...

5CVSS9.3AI score0.01489EPSS

Exploits0References18

EUVD•added 2025/10/07 12:30 a.m.•7 views

EUVD-2017-1492

Malware in sbrugna...

5.4CVSS5.5AI score0.00498EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2006-4452

Malware in sbrugna...

5CVSS6.4AI score0.02845EPSS

Exploits1References6

EUVD•added 2025/10/07 12:30 a.m.•6 views

EUVD-2014-3208

Malware in sbrugna...

7.5CVSS9.3AI score0.01403EPSS

Exploits0References10

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2018-6190

Malware in sbrugna...

8.8CVSS8.8AI score0.02773EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•8 views

EUVD-2019-9115

Malware in sbrugna...

10CVSS9.2AI score0.04287EPSS

Exploits1References4

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-43485