CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5092 matches found

CNNVD•added 2024/12/27 12:0 a.m.•3 views

LinkAce 安全漏洞

LinkAce is a self-hosted archive of links to your favorite websites by Kevin Woblick Personal Developer. A security vulnerability exists in LinkAce versions prior to 1.15.6 that stems from user input that is not properly cleaned or encoded before being reflected in an HTML response. An attacker...

5.4CVSS6.7AI score0.00282EPSS

Exploits1References2

CNNVD•added 2024/12/27 12:0 a.m.•9 views

WordPress plugin wp-publications 安全漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin wp-publications has a cross-site scripting vulnerability, the vulnerability stems from...

4.8CVSS6.2AI score0.0116EPSS

Exploits3References3

Positive Technologies•added 2024/12/21 12:0 a.m.•6 views

PT-2024-56: Cross-site Scripting (XSS) in SimpleXLSX

The vulnerability was identified in SimpleXLSX versions 1.0.12-1.1.12. The discovered vulnerability allows an attacker to inject an arbitrary JavaScript code. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 21.12.2024 Recommendations: Update to version or higher...

6.8CVSS6.3AI score0.00241EPSS

Exploits0

CVE•added 2024/12/20 3:52 p.m.•65 views

CVE-2024-10385

CVE-2024-10385 affects DirectAdmin Evolution Skin’s ticket management system. It describes a stored XSS vulnerability that allows a low-privileged user to inject and persist malicious JavaScript; if an admin views the ticket, the script may perform privileged actions, including command execution....

8.6CVSS5.9AI score0.00637EPSS

Exploits0References2

CNVD•added 2024/12/13 12:0 a.m.•7 views

IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2024-49170)

IBM QRadar SIEM is a solution from International Business Machines IBM that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...

6.4CVSS6AI score0.00222EPSS

Exploits0References1

OSV•added 2024/12/12 9:51 p.m.•7 views

USN-7158-1 smarty3 vulnerabilities

It was discovered that Smarty incorrectly handled query parameters in requests. An attacker could possibly use this issue to inject arbitrary Javascript code, resulting in denial of service or potential execution of arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubun...

7.3CVSS7.6AI score0.01016EPSS

Exploits1References4

CVE•added 2024/12/11 2:59 p.m.•47 views

CVE-2024-50585

CVE-2024-50585 affects the Numerix License Server (Numerix, Inc.). Users who click a malicious link or visit an attacker-controlled site can have arbitrary JavaScript executed in the context of the Numerix License Server Administration System Login (nlslogin.jsp) page. The vulnerability can be tr...

4.7CVSS6.6AI score0.00462EPSS

Exploits0References2

Positive Technologies•added 2024/12/11 12:0 a.m.•13 views

PT-2024-55: Cross-site Scripting (XSS) in SimpleXLSX

The vulnerability was identified in SimpleXLSX, versions 1.0.12-1.1.11. The discovered vulnerability allows an attacker to inject an arbitrary JavaScript code. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 11.12.2024 Recommendations: Update to version 1.1.12 or high...

6.8CVSS6.6AI score0.00444EPSS

Exploits0References1

BDU FSTEC•added 2024/12/11 12:0 a.m.•3 views

The software for managing and publishing geodata on the OSGeo GeoServer platform is vulnerable due to lack of measures taken to protect the website structure. This vulnerability allows attackers to perform cross-site scripting attacks (XSS).

The vulnerability of the software for managing and publishing geodata on the OSGeo GeoServer server exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor, operating remotely, to perform cross-site scripting attacks X...

6.5CVSS5.2AI score

Exploits0Affected Software1

NVD•added 2024/12/10 10:15 p.m.•25 views

CVE-2024-52862

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS0.00388EPSS

Exploits0References1

NVD•added 2024/12/10 10:15 p.m.•14 views

CVE-2024-52991

5.4CVSS0.00388EPSS

Exploits0References1

NVD•added 2024/12/10 10:15 p.m.•10 views

CVE-2024-52857

5.4CVSS0.00388EPSS

Exploits0References1

NVD•added 2024/12/10 10:15 p.m.•10 views

CVE-2024-52829

5.4CVSS0.00477EPSS

Exploits0References1

NVD•added 2024/12/10 10:15 p.m.•9 views

CVE-2024-52816

5.4CVSS0.00477EPSS

Exploits0References1

NVD•added 2024/12/10 10:15 p.m.•16 views

CVE-2024-43742

5.4CVSS0.00669EPSS

Exploits0References1

NVD•added 2024/12/10 10:15 p.m.•19 views

CVE-2024-43744

5.4CVSS0.00669EPSS

Exploits0References1

CVE•added 2024/12/10 10:4 p.m.•59 views

CVE-2024-52861

CVE-2024-52861 affects Adobe Experience Manager (AEM) 6.5.21 and earlier. The vulnerability is a stored Cross-Site Scripting (XSS) flaw in vulnerable form fields, allowing an attacker to inject and execute malicious JavaScript in a victim’s browser when loading a page containing the compromised f...

5.4CVSS5.5AI score0.00388EPSS

Exploits0References1Affected Software1