CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

40 matches found

RedhatCVE•added 2026/06/05 7:51 p.m.•4 views

CVE-2022-23961

In Thruk Monitoring through 2.46.3, the login field of the login form is vulnerable to reflected XSS. This vulnerability can be exploited by unauthenticated remote attackers to target users of the monitoring interface...

6.1CVSS5.5AI score0.00047EPSS

Exploits0References1

NVD•added 2026/05/08 5:16 a.m.•4 views

CVE-2022-23961

6.1CVSS0.00047EPSS

Exploits0References2

ATTACKERKB•added 2026/05/08 12:0 a.m.•5 views

CVE-2022-23961

5.8AI score0.00047EPSS

Exploits0References3

CVE•added 2026/05/08 12:0 a.m.•10 views

CVE-2022-23961

Thruk Monitoring (up to 2.46.3) is affected by a reflected XSS in the login field of the login form. The vulnerability can be exploited by unauthenticated remote attackers to target users of the monitoring interface. The CVSS-3.1 base score is 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). No exploit...

6.1CVSS5.8AI score0.00047EPSS

In wildExploits0References2

NVD•added 2026/04/26 10:17 p.m.•3 views

CVE-2018-25296

P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an...

6.8CVSS0.00018EPSS

Exploits0References3

CVE•added 2026/02/19 5:56 p.m.•9 views

CVE-2026-23610

GFI MailEssentials AI (versions prior to 22.4) contains a stored XSS in the POP2Exchange config endpoint. An authenticated user can inject HTML/JavaScript into the POP3 login field within the JSON "popServers" payload to /MailEssentials/pages/MailSecurity/POP2Exchange.aspx/Save; the input is stor...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/02/19 12:0 a.m.•3 views

PT-2026-20890

Name of the Vulnerable Software and Affected Versions GFI MailEssentials AI versions prior to 22.4 Description GFI MailEssentials AI versions before 22.4 have a stored cross-site scripting issue in the POP2Exchange configuration. A logged-in user can inject HTML or JavaScript into the POP3 server...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References6

RedhatCVE•added 2026/01/09 10:49 a.m.•2 views

CVE-2022-37059

Cross Site Scripting XSS in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field...

4.8CVSS6.5AI score0.00257EPSS

Exploits1References1

EUVD•added 2025/10/07 12:30 a.m.•0 views

EUVD-2005-3014

Malware in sbrugna...

4.3CVSS6.4AI score0.00335EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2005-2880

Malware in sbrugna...

7.5CVSS6.4AI score0.00768EPSS

Exploits1References6

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2008-6244

Malware in sbrugna...

6.8CVSS6.4AI score0.00493EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2010-1724

Malware in sbrugna...

7.5CVSS6.4AI score0.01606EPSS

Exploits1References7

Vulnrichment•added 2025/10/01 10:20 p.m.•3 views

CVE-2025-61582 Ts3 Manager: Unauthenticated Denial of Service possible through specially crafted Unicode input

TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A Denial of Dervice vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability permits an unauthenticated actor to crash the application through the submission of specially crafted Unicode input,...

7.5CVSS6.8AI score0.00198EPSS

Exploits1References2

CVE•added 2025/10/01 10:20 p.m.•14 views

CVE-2025-61582

TS3 Manager (Teamspeak3 server UI) is affected by CVE-2025-61582: an unauthenticated denial-of-service via specially crafted Unicode input submitted to the Server field on the login page. The root cause is improper handling of Unicode tag characters during ASCII conversion, causing an unhandled e...

7.5CVSS6.8AI score0.00198EPSS

Exploits1References2Affected Software1

Cvelist•added 2025/10/01 10:20 p.m.•17 views

CVE-2025-61582 Ts3 Manager: Unauthenticated Denial of Service possible through specially crafted Unicode input

7.5CVSS0.00198EPSS

Exploits1References2

Positive Technologies•added 2024/09/10 12:0 a.m.•1 views

PT-2024-7377 · Unknown · Edonline Ems

Name of the Vulnerable Software and Affected Versions: EdOnline EMS affected versions not specified Description: The issue is related to the lack of data cleaning and validation in the Login field of the authentication window, which can be exploited by a remote attacker to disclose protected...

9CVSS7.1AI score

Exploits0References1

ATTACKERKB•added 2023/12/29 2:15 a.m.•2 views

CVE-2023-31301

Stored Cross Site Scripting XSS Vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log...

6.1CVSS6.8AI score0.00282EPSS

Exploits0References2

CNNVD•added 2022/12/15 12:0 a.m.•3 views

FeehiCMS 跨站脚本漏洞

FeehiCMS is a Php based CMS builder by Liufee Personal Developer. A security vulnerability exists in FeehiCMS version 2.1.1. An attacker can exploit this vulnerability to execute arbitrary code via the username field on the login page...

6.1CVSS6.8AI score0.00331EPSS

Exploits1References2