365 matches found
CVE-2024-46966
The Ikhgur mn.ikhgur.khotoch aka Video Downloader Pro & Browser application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity component...
CVE-2024-52286 Self Cross Site Scripting (XSS) In Merge Functionality in Stirling-PDF
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes an untrusted, user-supplied file name and uses it directly in the creation of HTML pages, allowing any unauthenticated user to execute JavaScript code...
Inshot Video Downloader Security Vulnerability
InShot Inshot Video Downloader is a video download application from InShot. A security vulnerability exists in Inshot Video Downloader version 1.3.5 and earlier, which stems from the presence of an arbitrary JavaScript code execution vulnerability...
CVE-2024-31972
EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct stored XSS attacks that could lead to arbitrary JavaScript code execution under the context of the user's session via the Wi-Fi SSID input fields. Web scripts embedded into the vulnerable fields this way are executed immediate...
CVE-2024-42041
The com.videodownload.browser.videodownloader aka AppTool-Browser-Video All Video Downloader application 20-30.05.24 for Android allows an attacker to execute arbitrary JavaScript code via the acr.browser.lightning.DefaultBrowserActivity component...
Important: Red Hat Security Advisory: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
PT-2024-32: Stored Cross-Site Scripting (Stored XSS) in Passwork
The vulnerability was identified in Passwork version 6.4.0. The application does not process user-supplied data in the way required for its safe use when generating web pages. The discovered vulnerability allows an attacker to execute arbitrary JavaScript code in the victim's browser...
PT-2024-82: Reflected Cross-Site Scripting (XSS) in Netcat CMS (netshop module)
The vulnerability was identified in Netcat CMS netshop module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...
PT-2024-92: Reflected Cross-Site Scripting (XSS) in Netcat CMS (filemanager module)
The vulnerability was identified in Netcat filemanager module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...
PT-2024-85: Reflected Cross-Site Scripting (XSS) in Netcat CMS (netshop module)
The vulnerability was identified in Netcat CMS netshop module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...
PT-2024-80: Reflected Cross-Site Scripting (XSS) in Netcat CMS (comments module)
The vulnerability was identified in Netcat comments module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...
CVE-2024-32484
A reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability...
CVE-2024-32484
Affected product: Ankitects Anki (entries reference Anki up to 25.02). The connected documents indicate CVE-2025-43703 describes an incomplete fix for CVE-2024-32484, resulting in attacker‑controlled access to the internal API via crafted decks/SRC attributes, effectively enabling scripted access...
PT-2024-24608 · Ankitects +1 · Anki +1
Name of the Vulnerable Software and Affected Versions: Ankitects Anki version 24.04 Description: A reflected XSS issue exists in the handling of invalid paths in the Flask server. This can be triggered by a specially crafted flashcard, leading to JavaScript code execution and potentially resultin...
IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2024-30630)
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server that stems from...
SUSE-FU-2024:2078-1 Feature update for rabbitmq-server313, erlang26, elixir115
This update for rabbitmq-server313, erlang26, elixir115 fixes the following issues: rabbitmq-server was implemented with a parallel versioned RPM package at version 3.13.1 (jsc#PED-8414). Security issues fixed: CVE-2021-22116: Fixed improper input validation that may lead to Denial of Service (DoS)...
CVE-2024-37888 The Open Link CKEditor plugin has a cross-site scripting (XSS) vulnerability in open link functionality
Open Link is a CKEditor plugin that extends the context menu with an option to open a link in a new tab. The vulnerability allowed JavaScript code execution by abusing the link href attribute. It affects all users using the Open Link plugin at version 1.0.5...