890 matches found

RedhatCVE
added 2025/02/05 3:29 a.m. | 10 views

CVE-2024-45856

A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI...

CVSS 9 | AI score 5.9 | EPSS 0.00467
Exploits: 1 | References: 1
RedhatCVE
added 2025/02/04 11:37 p.m. | 7 views

CVE-2024-40626

Outline is an open source, collaborative document editor. A type confusion issue was found in ProseMirror’s rendering process that leads to a Stored Cross-Site Scripting (XSS) vulnerability in Outline. An authenticated user can create a document containing a malicious JavaScript payload. When other...

CVSS 7.3 | AI score 5.5 | EPSS 0.00486
Exploits: 1
NVD
added 2025/01/28 10:15 p.m. | 20 views

CVE-2025-22917

A reflected cross-site scripting (XSS) vulnerability in Audemium ERP =0.9.0 allows remote attackers to execute an arbitrary JavaScript payload in the web browser of a user by including a malicious payload into the 'type' parameter of list.php...

CVSS 5.4 | EPSS 0.0024
Exploits: 0 | References: 1
Vulnrichment
added 2025/01/28 12:0 a.m. | 4 views

CVE-2025-22917

A reflected cross-site scripting (XSS) vulnerability in Audemium ERP =0.9.0 allows remote attackers to execute an arbitrary JavaScript payload in the web browser of a user by including a malicious payload into the 'type' parameter of list.php...

AI score 5.4 | EPSS 0.0024
Exploits: 0 | References: 1
CNNVD
added 2024/12/27 12:0 a.m. | 3 views

LinkAce security vulnerability

LinkAce is a self-hosted archive of links to your favorite websites by Kevin Woblick Personal Developer. A security vulnerability exists in LinkAce versions prior to 1.15.6. An attacker exploiting this vulnerability could upload a malicious HTML file containing a JavaScript payload...

CVSS 7.6 | AI score 6.4 | EPSS 0.00409
Exploits: 1 | References: 2
CVE
added 2024/12/12 12:46 p.m. | 46 views

CVE-2024-36498

Image Access Scan2Net (Image Access Germany) is affected by a stored XSS vulnerability in the configuration menu’s Edit Disclaimer Text function due to missing input sanitization. The stored JavaScript payload executes in users’ browsers (including kiosk mode) when the ScanWizard loads. A fix was...

CVSS 4.7 | AI score 6.3 | EPSS 0.00529
Exploits: 0 | References: 3
The Hacker News
added 2024/12/03 5:23 a.m. | 7 views

Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads

A newly discovered malware campaign has been found to target private users, retailers, and service businesses mainly located in Russia to deliver NetSupport RAT and BurnsRAT. The campaign, dubbed Horns&Hooves by Kaspersky, has hit more than 1,000 victims since it began around March 2023. The end...

AI score 7.8
Exploits: 0
The Hacker News
added 2024/11/11 11:55 a.m. | 5 views

New GootLoader Campaign Targets Users Searching for Bengal Cat Laws in Australia

In an unusually specific campaign, users searching about the legality of Bengal Cats in Australia are being targeted with the GootLoader malware. "In this case, we found the GootLoader actors using search results for information about a particular cat and a particular geography being used to...

AI score 6.8
Exploits: 0
0day.today
added 2024/10/22 12:0 a.m. | 248 views

SofaWiki 3.9.2 Cross Site Scripting Vulnerability

Exploit Title: SofaWiki 3.9.2 - Stored XSS Authenticated Exploit Author: Chokri Hammedi Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Version: 3.9.2 Tested on: Windows XP Summary: A stored XSS exists in SofaWiki's Open Ticket feature. An...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/10/17 12:0 a.m. | 335 views

SofaWiki 3.9.2 Cross Site Scripting

Exploit Title: SofaWiki 3.9.2 - Stored XSS Authenticated Date: 10/17/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Version: 3.9.2 Tested on: Windows XP Summary: A stored XSS exists in SofaWiki's Open...

AI score 7.4
Exploits: 0
Cvelist
added 2024/09/26 12:0 a.m. | 14 views

CVE-2024-45986

A stored Cross-Site Scripting (XSS) vulnerability was identified in Projectworld Online Voting System 1.0 that occurs when an account is registered with a malicious JavaScript payload. The payload is stored and subsequently executed in the voter.php and profile.php pages whenever the account...

EPSS 0.00261
Exploits: 1 | References: 1
Vulnrichment
added 2024/09/26 12:0 a.m. | 10 views

CVE-2024-45986

A stored Cross-Site Scripting (XSS) vulnerability was identified in Projectworld Online Voting System 1.0 that occurs when an account is registered with a malicious JavaScript payload. The payload is stored and subsequently executed in the voter.php and profile.php pages whenever the account...

AI score 5.5 | EPSS 0.00261
Exploits: 1 | References: 1
CVE
added 2024/09/26 12:0 a.m. | 48 views

CVE-2024-45986

Projectworld Online Voting System 1.0 contains a stored Cross-Site Scripting (XSS) vulnerability. The flaw occurs when an account is registered with a malicious JavaScript payload, which is stored and later executed in voter.php and profile.php whenever account information is accessed. Affected d...

CVSS 5.4 | AI score 5.5 | EPSS 0.00261
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2024/09/25 1:15 a.m. | 19 views

CVE-2024-9141

Cross-Site Scripting (XSS) vulnerability in the Oct8ne system. This flaw could allow an attacker to embed harmful JavaScript code into the body of a chat message. This manipulation occurs when the chat content is intercepted and altered, leading to the execution of the JavaScript payload...

CVSS 5.4 | EPSS 0.00286
Exploits: 0 | References: 1
Cvelist
added 2024/09/24 10:50 a.m. | 19 views

CVE-2024-9141 Cross-Site Scripting (XSS) vulnerability in Oct8ne

Cross-Site Scripting (XSS) vulnerability in the Oct8ne system. This flaw could allow an attacker to embed harmful JavaScript code into the body of a chat message. This manipulation occurs when the chat content is intercepted and altered, leading to the execution of the JavaScript payload...

CVSS 5.4 | EPSS 0.00286
Exploits: 0 | References: 1
CVE
added 2024/09/24 10:50 a.m. | 54 views

CVE-2024-9141

CVE-2024-9141 describes a Cross-Site Scripting (XSS) vulnerability in Oct8ne, where attacker-controlled chat content could be manipulated (intercepted/altered) to execute JavaScript in chat messages. Affected product: Oct8ne chat system. Underlying cause and exact vulnerable component are not exp...

CVSS 5.4 | AI score 5.3 | EPSS 0.00286
Exploits: 0 | References: 1
Github Security Blog
added 2024/09/12 3:33 p.m. | 13 views

MindsDB Cross-site Scripting vulnerability

A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI...

CVSS 9 | AI score 5.9 | EPSS 0.00467
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2024/09/12 1:15 p.m. | 2 views

CVE-2024-45856

A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI...

CVSS 5.4 | AI score 5.9 | EPSS 0.00467
Exploits: 1 | References: 1
Cvelist
added 2024/09/12 1:5 p.m. | 21 views

CVE-2024-45856

A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI...

CVSS 9 | EPSS 0.00467
Exploits: 1 | References: 1
NVD
added 2024/09/04 11:15 a.m. | 13 views

CVE-2024-8413

Cross Site Scripting (XSS) vulnerability through the action parameter in index.php. Affected product codebase https://github.com/Bioshox/Raspcontrol and forks such as https://github.com/harmon25/raspcontrol. An attacker could exploit this vulnerability by sending a specially crafted JavaScript...

CVSS 6.1 | EPSS 0.00239
Exploits: 0 | References: 1