EUVD-2024-34311
Malicious code in bioql PyPI...
EUVD-2022-2455
Malicious code in bioql PyPI...
CVE-2024-9669
The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fmlocale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute...
CVE-2024-11010 FileOrganizer <= 1.1.4 - Authenticated (Administrator+) Local JavaScript File Inclusion
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.1.4 via the 'defaultlang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, ...
WordPress FileOrganizer plugin <= 1.1.4 - Authenticated (Administrator+) Local JavaScript File Inclusion vulnerability
Authenticated Administrator+ Local JavaScript File Inclusion vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin FileOrganizer versions <= 1.1.4...
GitBook allows Cross-site Scripting via a local .md file.
GitBook through 2.6.9 allows Cross-site Scripting via javascript inclusion in a local .md file...
Moodle Cross-Site Scripting Vulnerability (CNVD-2021-28738)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle that could allow JavaScript to be included in the title of a book chapter without being...
CVE-2020-25631
A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the "Add new chapter" page. This is fixed in 3.9.2, 3.8.5 and 3.7.8...
Cygnux sysPass Local File Inclusion Vulnerability
Cygnux sysPass is an open source multi-user password manager that features easy installation, a clear interface and multi-user options. A local file inclusion vulnerability exists in the javascript file inclusion feature in Cygnux sysPass 2.1.7 and earlier versions. An attacker can exploit this...
Cross-site scripting in Mailman
JavaScript can be included in the URL...