280 matches found
PT-2025-50359
Name of the Vulnerable Software and Affected Versions: Jenkins Coverage Plugin versions 2.3054.ve1ff7b a a 123b and earlier. Description: The Jenkins Coverage Plugin does not properly validate the configured coverage results ID when creating coverage results. Specifically, the validation occurs only...
EUVD-2025-201879
@tiptap/extension-link vulnerable to Cross-site Scripting (XSS)...
PT-2025-49800
Name of the Vulnerable Software and Affected Versions: @tiptap/extension-link versions prior to 2.10.4. Description: The @tiptap/extension-link package is susceptible to Cross-site Scripting (XSS) because of unsanitized user input when setting or toggling links. An attacker can inject a javascript: UR...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via incomplete sanitization of certain SVG and MathML attributes, including xlink:href, math|href, as well as the attributeName attribute of SVG animation elements when it is bound to href or xlink:href. An...
GHSA-V4HV-RGFQ-GP49 Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain...
Protection Mechanism Failure
Overview: chrome-devtools-frontend is a Chrome DevTools UI. Affected versions of this package are vulnerable to Protection Mechanism Failure through the openInNewTab function in the InspectorFrontendHostStub class within Chrome's DevTools component. An attacker can perform a sandbox escape by...
GHSA-CF57-C578-7JVV Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode
Summary: When using subrequest authentication, Anubis did not validate the redirect URL and redirected the user to any URL scheme. While most modern browsers do not allow a redirect to javascript: URLs, it could still trigger dangerous behavior in some cases. GET...
CVE-2025-58747
Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled remote MCP server. The vulnerability exists in the OAuth flow implementation where the authorizationurl...
EUVD-2011-0017
Malware in sbrugna...
EUVD-2019-1005
Malware in sbrugna...
EUVD-2021-1654
Malware in sbrugna...
EUVD-2000-0945
Malware in sbrugna...
EUVD-1999-0347
Malware in sbrugna...
EUVD-2015-6709
Malware in sbrugna...
EUVD-2019-5045
Malware in sbrugna...
EUVD-2017-14562
Malware in sbrugna...
EUVD-2020-30796
Malware in sbrugna...
EUVD-2017-0356
Malware in sbrugna...
EUVD-2006-2782
Malware in sbrugna...
EUVD-2008-5484
Malware in sbrugna...