CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/03/09 6:16 p.m.•3 views

CVE-2025-70033

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4...

NVD•added 2026/03/09 6:16 p.m.•4 views

CVE-2025-70033

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4...

5.4CVSS0.00235EPSS

OSV•added 2026/03/09 4:16 p.m.•4 views

CVE-2025-70060

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0...

5.4CVSS5.8AI score

RedhatCVE•added 2026/03/09 1:59 p.m.•3 views

CVE-2026-3725

A flaw has been found in 1024-lab/lab1024 SmartAdmin up to 3.29. Affected by this issue is the function freemarkerResolverContent of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/mail/MailService.java of the component FreeMarker Template Handler. Executing a manipulation of th...

8.8CVSS5.4AI score0.00398EPSS

Exploits1References1

CVE•added 2026/03/09 12:0 a.m.•8 views

CVE-2025-70060

The CVE-2025-70060 entry concerns YMFE yapi v1.12.0 with a CWE-79 weakness (Improper Neutralization of Input During Web Page Generation). The connected sources consistently identify this as a input handling flaw in the web page generation process for YMFE yapi, without detailing exploited vectors...

5.4CVSS5.8AI score0.00191EPSS

Vulnrichment•added 2026/03/09 12:0 a.m.•3 views

CVE-2025-70039

An issue pertaining to CWE-78: Improper Neutralization of Special Elements used in an OS Command was discovered in linagora Twake v2023.Q1.1223...

5.8AI score0.0038EPSS

Vulnrichment•added 2026/03/09 12:0 a.m.•3 views

CVE-2025-70038

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in linagora Twake v2023.Q1.1223. This allows attackers to execute arbitrary code...

6AI score0.00343EPSS

Positive Technologies•added 2026/03/09 12:0 a.m.•4 views

PT-2026-24080

Name of the Vulnerable Software and Affected Versions YMFE yapi version 1.12.0 Description An issue exists due to improper neutralization of input during web page generation. This allows for potential cross-site scripting XSS attacks. The issue is related to CWE-79. Recommendations At the moment,...

5.4CVSS5.7AI score0.00191EPSS

Exploits0References8

CVE•added 2026/03/09 12:0 a.m.•9 views

CVE-2025-70039

CVE-2025-70039 affects linagora Twake 2023.Q1.1223 with a CWE-78 OS command injection vulnerability. Base CVSS 3.1: 9.8 (_network, no auth, no user interaction, impact high for confidentiality, integrity, and availability). Root cause: improper neutralization of special elements used in an OS com...

9.8CVSS5.8AI score0.0038EPSS

CVE•added 2026/03/09 12:0 a.m.•14 views

CVE-2025-70038

CVE-2025-70038 affects linagora Twake v2023.Q1.1223. The issue is CWE-79 (Improper Neutralization of Input During Web Page Generation) enabling arbitrary code execution. Reported across multiple feeds (Red Hat, NVD, CIRCL, ENISA EUVD) with CVSSv3.1 base score 8.8 ( HIGH; AV:N/AC:L/PR:N/UI:R/S:U/C...

8.8CVSS6AI score0.00343EPSS

Cvelist•added 2026/03/09 12:0 a.m.•31 views

CVE-2025-70060

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0...

0.00191EPSS

Cvelist•added 2026/03/09 12:0 a.m.•26 views

CVE-2025-70039

An issue pertaining to CWE-78: Improper Neutralization of Special Elements used in an OS Command was discovered in linagora Twake v2023.Q1.1223...

0.0038EPSS

Cvelist•added 2026/03/09 12:0 a.m.•28 views

CVE-2025-70038

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in linagora Twake v2023.Q1.1223. This allows attackers to execute arbitrary code...

0.00343EPSS

Vulnrichment•added 2026/03/09 12:0 a.m.•4 views

CVE-2025-70060

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0...

5.8AI score0.00191EPSS

Positive Technologies•added 2026/03/09 12:0 a.m.•5 views

PT-2026-24087

Name of the Vulnerable Software and Affected Versions linagora Twake version 2023.Q1.1223 Description An issue exists due to improper neutralization of input during web page generation, which allows attackers to execute arbitrary code. This is a Cross-Site Scripting XSS issue. Recommendations At...

6AI score0.00343EPSS

Exploits0References7

ATTACKERKB•added 2026/03/09 12:0 a.m.•1 views

CVE-2025-70033

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4...

ATTACKERKB•added 2026/03/09 12:0 a.m.•3 views

Exploits0References4

CVE-2025-70060

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0...

5.4CVSS5.8AI score0.00191EPSS

Exploits0References4

Positive Technologies•added 2026/03/09 12:0 a.m.•6 views

PT-2026-24096

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4...

CVE•added 2026/03/09 12:0 a.m.•7 views

Exploits0References4

CVE-2025-70033

CVE-2025-70033 affects Sunbird-Ed SunbirdEd-portal v1.13.4. The issue is CWE-79: Improper Neutralization of Input During Web Page Generation in Sunbird-Ed’s portal. CVSSv3.1 base: 5.4 (MEDIUM) with Network attack vector, Low confidentiality and integrity impact, no availability impact; user inter...