
902 matches found

Nuclei
added 16 hours ago, 28 views

Dolibarr <7.0.2 - Cross-Site Scripting

Dolibarr before 7.0.2 is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. id: CVE-2018-10095 info: name: Dolibarr 7.0.2 - Cross-Site Scripting author: pikpikcu severity: medium...

CVSS 6.1, AI score 6.7, EPSS 0.475
Exploits: 1, References: 5

Nuclei
added 16 hours ago, 29 views

Microweber < 1.2.17 - Cross-Site Scripting

Cross-site Scripting (XSS) vulnerability in the /demo/editortools/module endpoint via the 'type' parameter. id: CVE-2022-2130 info: name: Microweber 1.2.17 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross-site Scripting (XSS) vulnerability in the...

CVSS 6.5, AI score 6.5, EPSS 0.43672
Exploits: 1, References: 2

Nuclei
added 16 hours ago, 23 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

CVSS 5.4, AI score 5.9, EPSS 0.02329
Exploits: 1, References: 2

Nuclei
added 16 hours ago, 23 views

kkFileView 4.1.0 - Cross-Site Scripting

kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the errorMsg parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and...

CVSS 6.1, AI score 6.4, EPSS 0.02352
Exploits: 1, References: 5

Nuclei
added 2 days ago, 36 views

Webmin < 1.920 - Authenticated Remote Code Execution

rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must...

CVSS 8.8, AI score 7.3, EPSS 0.92931
Exploits: 4, References: 5

SUSE CVE
added 2026/05/15 1:59 a.m., 3 views

SUSE CVE-2026-33376

When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask (usually /128) to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc. are unaffected here...

CVSS 7.4, AI score 5.8, EPSS 0.00014
Exploits: 0, References: 3

Github Security Blog
added 2026/05/14 4:17 p.m., 5 views

n8n Has an Arbitrary File Read via Git Node

Impact: An authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation, allowing an attacker to read arbitrary files from the n8n server, potentially leading to full compromise. Patches: The issue has been fixed in n8n versions 1.123.43,...

AI score 5.9
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2026/05/06 9:53 p.m., 25 views

CVE-2026-3291 Samsung Print Service Plugin – Potential Information Disclosure

Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities...

CVSS 6.9, EPSS 0.00007
Exploits: 0, References: 1

OSV
added 2026/03/26 1:36 p.m., 2 views

CVE-2026-33413 etcd: Authorization bypasses in multiple APIs

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...

CVSS 8.8, AI score 5.9, EPSS 0.00039
Exploits: 0, References: 3

Hewlett-Packard
added 2026/02/12 12:0 a.m., 5 views

HP App – Potential Cross-Site Scripting

HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities. Update your application...

CVSS 5.1, AI score 5, EPSS 0.00033
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2026/01/22 12:0 a.m., 2 views

Azure Linux 3.0 Security Update: bind (CVE-2024-0760)

The version of bind installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0760 advisory. - A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while...

CVSS 7.5, AI score 5.6, EPSS 0.1669
Exploits: 0, References: 2

RedhatCVE
added 2026/01/09 8:42 a.m., 4 views

CVE-2022-31106

Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of underscore.deep prior to version 0.5.3 are vulnerable to a prototype pollution vulnerability. An attacker can craft a malicious payload and pass it to deepFromFlat, which would pollute any future...

CVSS 9.8, AI score 6.8, EPSS 0.00363
Exploits: 1, References: 1

GithubExploit
added 2025/12/29 3:59 p.m., 425 views

Exploit for CVE-2025-68615

CVE-2025-68615 Net-SNMP snmptrapd Stack Buffer Overflow...

CVSS 9.8, AI score 7.5, EPSS 0.00594
Exploits: 2

OSV
added 2025/11/05 7:16 p.m., 6 views

CVE-2025-5770

A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...

CVSS 6.1, AI score 5.9
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-7235

Malicious code in bioql PyPI...

CVSS 5.5, AI score 6, EPSS 0.00082
Exploits: 1, References: 16

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-1023

Malicious code in bioql PyPI...

CVSS 7.4, AI score 7.4, EPSS 0.00362
Exploits: 0, References: 8

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-29662

Malicious code in bioql PyPI...

CVSS 8.1, AI score 6.8, EPSS 0.00509
Exploits: 0, References: 20

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-23369

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.3, EPSS 0.07087
Exploits: 1, References: 8

Patchstack
added 2025/08/21 12:39 p.m., 5 views

WordPress Super Store Finder Plugin <= 7.6 - Reflected Cross Site Scripting (XSS) Vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Super Store Finder versions <= 7.6...

CVSS 5.9, AI score 6, EPSS 0.00047
Exploits: 0, Affected Software: 1

Patchstack
added 2025/07/21 10:24 p.m., 7 views

WordPress Orion Login with SMS plugin <= 1.0.5 - Authenticated Bypass via Weak OTP vulnerability

Authenticated Bypass via Weak OTP vulnerability discovered by kr0d in WordPress Plugin Orion Login with SMS versions <= 1.0.5...

CVSS 8.1, AI score 6.7, EPSS 0.00357
Exploits: 0, References: 1, Affected Software: 1