18 matches found

Vulnrichment
added 2026/05/19 6:4 a.m. | 7 views

CVE-2026-8830 Keycloak: org.keycloak/keycloak-services: keycloak: policy bypass during webauthn credential registration via client-side javascript manipulation

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

CVSS 4.3 | AI score 5.8 | EPSS 0.00017
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-6167

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.0025
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-3168

Malware in sbrugna...

CVSS 9 | AI score 8.8 | EPSS 0.00621
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-2588

Malware in sbrugna...

CVSS 5.3 | AI score 5.4 | EPSS 0.00318
Exploits 1 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-26235

Malware in sbrugna...

CVSS 9.8 | AI score 7.7 | EPSS 0.00615
Exploits 0 | References 2

RedhatCVE
added 2025/05/22 5:52 p.m. | 8 views

CVE-2020-7643

paypal-adaptive through 0.4.2 allows manipulation of JavaScript objects, resulting in Prototype Pollution. The PayPal function could be tricked into adding or modifying properties of Object.prototype using a `__proto__` payload...

CVSS 5.3 | AI score 6.9 | EPSS 0.00318
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 10:1 a.m. | 2 views

CVE-2019-8346

In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site scripting (XSS) vulnerability allows unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service passwor...

CVSS 6.1 | AI score 6.3 | EPSS 0.03163
Exploits 0 | References 1

UbuntuCve
added 2023/10/16 9:15 a.m. | 18 views

CVE-2023-5421

An attacker who is logged into OTRS as a user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediately after the data is saved. The issue only occurs if the configuration for AdminCustomerUser::UseAutoComplete was...

CVSS 5.5 | AI score 6 | EPSS 0.00304
Exploits 0 | References 2

Prion
added 2020/12/21 6:15 p.m. | 9 views

Design/Logic Flaw

Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute JavaScript values and cause a denial of service or possibly execute code. IBM X-Force ID: 192706...

CVSS 7.5 | AI score 8.8 | EPSS 0.00615
Exploits 0 | References 1 | Affected Software 1

RedhatCVE
added 2020/04/07 11:2 p.m. | 27 views

CVE-2019-9816

A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all...

CVSS 7.5 | AI score 1.3 | EPSS 0.11045
Exploits 1 | References 3

NVD
added 2020/02/24 6:15 p.m. | 8 views

CVE-2019-10798

rdf-graph-array through 0.3.0-rc6 allows manipulation of JavaScript objects, resulting in Prototype Pollution. The rdf.Graph.prototype.add method could be tricked into adding or modifying properties of Object.prototype...

CVSS 5.3 | AI score 5.4 | EPSS 0.00344
Exploits 1 | References 2

Veracode
added 2019/07/01 12:15 a.m. | 30 views

Denial Of Service (DoS)

firefox/thunderbird is vulnerable to denial of service. A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw...

CVSS 8.8 | AI score 9 | EPSS 0.84291
Exploits 7 | References 8 | Affected Software 4

Tenable Nessus
added 2019/06/18 12:0 a.m. | 29 views

Mozilla Firefox ESR < 60.7.1

The version of Firefox ESR installed on the remote Windows host is prior to 60.7.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2019-18 advisory. - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow f...

CVSS 8.8 | AI score 8.1 | EPSS 0.84291
Exploits 7 | References 2

Cvelist
added 2019/05/21 11:9 p.m. | 18 views

CVE-2019-10067

An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the contex...

AI score 6.5 | EPSS 0.00378
Exploits 0 | References 4

NVD
added 2019/04/22 4:29 p.m. | 14 views

CVE-2019-11454

Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...

CVSS 6.1 | AI score 6.3 | EPSS 0.01111
Exploits 1 | References 8

NVD
added 2018/02/27 5:29 a.m. | 12 views

CVE-2018-4900

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of...

CVSS 6.5 | AI score 6.3 | EPSS 0.07498
Exploits 0 | References 3

myhack58
added 2005/11/04 12:0 a.m. | 33 views

The simplest method to bypass Microsoft genuine authentication [bypass WGA]

In IE, open Windows Update; when the page for selecting "Express install" or "Custom install" appears, enter the following command in the address bar: Javascript:voidwindow. gsDisableWGACheck='all' Then press the ENTER key. Then go back to the page for the normal update, and through the authentication of the...

AI score 1.5
Exploits 0

securityvulns
added 2001/01/16 12:0 a.m. | 25 views

Buffer overflow in MSHTML

Certain manipulations with JavaScript lead to a buffer overflow...

AI score 0.2
Exploits 0 | References 1 | Affected Software 1