CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

19 matches found

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-26312

Malicious code in bioql PyPI...

8.8CVSS4.9AI score0.00038EPSS

Exploits1References8

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-13924

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00189EPSS

Exploits1References3

OSV•added 2025/08/31 10:15 p.m.•2 views

CVE-2025-9747

A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrfprotectioncontroller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The exploit has been disclosed to the public and may ...

8.8CVSS4.5AI score

Exploits0References8

NVD•added 2025/08/31 10:15 p.m.•2 views

CVE-2025-9747

8.8CVSS0.00038EPSS

Exploits1References8

Vulnrichment•added 2025/08/31 9:32 p.m.•2 views

CVE-2025-9747 Koillection csrf_protection_controller.js cross-site request forgery

5.3CVSS6.2AI score0.00038EPSS

Exploits1References8

CVE•added 2025/08/31 9:32 p.m.•13 views

CVE-2025-9747

Koillection vulnerability CVE-2025-9747 affects versions up to 1.6.18 due to an unknown function in assets/controllers/csrf_protection_controller.js, enabling cross-site request forgery. The issue can be exploited remotely, and the exploit has been disclosed publicly. A fix is available in versio...

8.8CVSS4.6AI score0.00038EPSS

Exploits1References8Affected Software1

Cvelist•added 2025/08/31 9:32 p.m.•7 views

CVE-2025-9747 Koillection csrf_protection_controller.js cross-site request forgery

5.3CVSS0.00038EPSS

Exploits1References8

Positive Technologies•added 2025/08/31 12:0 a.m.•3 views

PT-2025-35428

Name of the Vulnerable Software and Affected Versions: Koillection versions up to 1.6.18 Description: A cross-site request forgery issue exists in Koillection. The issue is related to an unknown function within the assets/controllers/csrf protection controller.js file. This manipulation can be...

8.8CVSS4.4AI score0.00038EPSS

Exploits1References12

CNNVD•added 2025/08/31 12:0 a.m.•3 views

Koillection 安全漏洞

Koillection is a self-hosted service by the individual developer Benjamin Jonard that allows users to manage any type of collection. A security vulnerability exists in Koillection 1.6.18 and earlier versions, which stems from a cross-site request forgery attack due to misuse of the file...

8.8CVSS4.8AI score0.00038EPSS

Exploits1References9

RedhatCVE•added 2025/05/09 12:28 a.m.•8 views

CVE-2025-29746

Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components...

6.1CVSS6.8AI score0.00189EPSS

Exploits1References1

Github Security Blog•added 2025/05/07 9:31 p.m.•9 views

Koillection Cross Site Scripting vulnerability

Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components...

6.1CVSS6.7AI score0.00189EPSS

Exploits1References6Affected Software1

OSV•added 2025/05/07 9:31 p.m.•2 views

GHSA-FXVX-GFMR-5XFJ Koillection Cross Site Scripting vulnerability

Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components...

6.1CVSS6.6AI score0.00189EPSS

Exploits1References6

OSV•added 2025/05/07 7:16 p.m.•1 views

CVE-2025-29746

Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components...

6.1CVSS7AI score

Exploits0References2

NVD•added 2025/05/07 7:16 p.m.•7 views

CVE-2025-29746

Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components...

6.1CVSS0.00189EPSS

Exploits1References2

Vulnrichment•added 2025/05/07 12:0 a.m.•4 views

CVE-2025-29746

Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components...

6.2AI score0.00189EPSS

Exploits1References2

Positive Technologies•added 2025/05/07 12:0 a.m.•2 views

PT-2025-20294 · Unknown · Koillection

Name of the Vulnerable Software and Affected Versions: Koillection version 1.6.10 Description: A Cross Site Scripting issue allows a remote attacker to escalate privileges via the collection, Wishlist, and album components. Recommendations: For Koillection version 1.6.10, consider restricting...

6.1CVSS6.2AI score0.00189EPSS

Exploits1References12

Cvelist•added 2025/05/07 12:0 a.m.•10 views

CVE-2025-29746

Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components...

0.00189EPSS

Exploits1References2

CVE•added 2025/05/07 12:0 a.m.•45 views

CVE-2025-29746

CVE-2025-29746 is a Cross Site Scripting (XSS) vulnerability in Koillection v1.6.10 that enables a remote attacker to escalate privileges through the collection, Wishlist, and album components. The vulnerability is documented across multiple sources (Red Hat, OSV, GitHub advisories, Snyk) with re...

6.1CVSS6.3AI score0.00189EPSS

Exploits1References2Affected Software1

CNNVD•added 2025/05/07 12:0 a.m.•3 views

Koillection 安全漏洞

Koillection is a self-hosted service by Benjamin Jonard Personal Developer that allows users to manage any type of collection. A security vulnerability exists in Koillection version 1.6.10, which stems from cross-site scripting and could lead to elevation of privilege...

6.1CVSS5.8AI score0.00189EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by