CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2164 matches found

GithubExploit•added 2025/10/25 3:34 p.m.•115 views

Exploit for CVE-2025-63307

CVE-2025-63307 – Authenticated Stored Cross-site Scripting XS...

8.1CVSS5.4AI score0.00051EPSS

Exploits2

EUVD•added 2025/10/24 3:31 p.m.•3 views

EUVD-2025-35851

Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view the application logs...

6.1CVSS6.2AI score0.00034EPSS

Exploits1References2

EUVD•added 2025/10/17 9:31 p.m.•2 views

EUVD-2025-34907

ThingsBoard versions 4.2.1 contain a stored cross-site scripting XSS vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload an SVG file containing malicious JavaScript, which may be executed when the file is rendered in the UI. This issue results from insufficient...

5.1CVSS5.3AI score0.00032EPSS

Exploits0References4

CVE•added 2025/10/17 6:33 p.m.•7 views

CVE-2025-34281

ThingsBoard vulnerability CVE-2025-34281 affects pre-4.2.1 releases. An authenticated user can upload malicious SVGs via the Image Gallery, enabling Stored XSS when the image is loaded by a browser (e.g., through public API access or iframe embedding during widget creation/deployment on dashboard...

6.2CVSS5.4AI score0.00032EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2025/10/14 12:0 a.m.•3 views

PT-2025-41836

Name of the Vulnerable Software and Affected Versions SAP Application Server for ABAP affected versions not specified Description An authenticated attacker can store malicious JavaScript payloads. These payloads could be executed in a victim user's browser when accessing the affected functionalit...

5.4CVSS6AI score0.00032EPSS

Exploits0References5

Positive Technologies•added 2025/10/14 12:0 a.m.•2 views

PT-2025-41968

Name of the Vulnerable Software and Affected Versions Home Assistant versions 2025.1.0 through 2025.10.1 Description Home Assistant is home automation software that prioritizes local control and privacy. The energy dashboard is susceptible to stored cross-site scripting. An authenticated user can...

5.3CVSS6.1AI score0.00015EPSS

Exploits0References3

OSV•added 2025/10/10 5:15 p.m.•1 views

CVE-2025-60308

code-projects Simple Online Hotel Reservation System 1.0 has a Cross Site Scripting XSS vulnerability in the Add Room function of the online hotel reservation system. Malicious JavaScript code is entered in the Description field, which can leak the administrator's cookie information when browsing...

4.1CVSS5.8AI score0.00037EPSS

Exploits1References2

RedhatCVE•added 2025/10/10 1:32 a.m.•2 views

CVE-2025-60302

code-projects Client Details System 1.0 is vulnerable to Cross Site Scripting XSS. When adding customer information, the client details system fills in malicious JavaScript code in the username field...

6.1CVSS6.6AI score0.00034EPSS

Exploits1References1

Vulnrichment•added 2025/10/10 12:0 a.m.•2 views

CVE-2025-60880

An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing malicious JavaScript code. This vulnerability can be exploited by an authenticated admin user to execute arbitrary JavaScript in...

8.3CVSS6.2AI score0.00014EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-20387

Malware in sbrugna...

6.1CVSS6.3AI score0.00285EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-17106

Malware in sbrugna...

5.4CVSS5.6AI score0.00268EPSS

Exploits0References2