16 matches found
EUVD-2021-30628
Malicious code in bioql PyPI...
EUVD-2024-42543
Malicious code in bioql PyPI...
EUVD-2021-8640
Malicious code in bioql PyPI...
CVE-2017-1000459
Leanote version = 2.5 is vulnerable to XSS due to unsanitized input in markdown notes...
CVE-2025-32391
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.3, a malicious SVG file uploaded to HedgeDoc results in the possibility of XSS when opened in a new tab instead of the editor itself. The XSS is possible by exploiting the JSONP capabilities of GitHub...
CVE-2025-32391
HedgeDoc has a vulnerability (CVE-2025-32391) up to version 1.10.2 where uploading a malicious SVG can trigger cross-site scripting when the file is opened in a new tab, via the GitHub Gist JSONP embedding feature. The issue affects instances using the local filesystem upload backend or configura...
CVE-2024-47610
The CVE-2024-47610 issue affects InvenTree before 0.16.5, where a registered user can store JavaScript in Markdown notes fields that are rendered for other logged-in users, enabling stored cross-site scripting (XSS). Root cause: lack of input sanitization in the Markdown rendering path and storag...
PT-2024-32671
Name of the Vulnerable Software and Affected Versions: InvenTree versions prior to 0.16.5. Description: The issue allows a registered user to store JavaScript in markdown notes fields, which are then displayed to other logged-in users who visit the same page and executed. The estimated number of...
InvenTree cross-site scripting vulnerability
InvenTree is an open source inventory management system from InvenTree Open Source. It provides powerful low-level inventory control and parts tracking. A cross-site scripting vulnerability exists in InvenTree versions prior to 0.16.5, which originates from allowing a registered user to store JavaScri...
CVE-2024-38353
CVE-2024-38353 (CodiMD) affects CodiMD prior to 2.5.4, where an unauthenticated attacker can access uploaded image data due to missing authentication and access controls. The underlying issue is insecure filename generation in the Formidable library, enabling an attacker who can guess an image UR...
Quiver - Tool To Manage All Of Your Tools For Bug Bounty Hunting And Penetration Testing
Quiver is the tool to manage all of your tools. It's an opinionated and curated collection of commands, notes and scripts for bug bounty hunting and penetration testing. Features: ZSH / Oh-My-ZSH shell plugin; tab auto-completion; global variables; prefills the command line, doesn't hide commands fro...
Design/Logic Flaw
Leanote version = 2.5 is vulnerable to XSS due to unsanitized input in markdown notes...