CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

Snyk•added 2026/05/06 9:34 p.m.•7 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Flight::jsonp process. An attacker can execute arbitrary JavaScript in the context of the response origin by supplying a crafted jsonp query parameter, which is concatenated directly into the JavaScript...

9.3CVSS5.8AI score0.0002EPSS

Exploits0References2

Vulnrichment•added 2026/01/05 12:0 a.m.•3 views

CVE-2025-65922

PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors headers, allowing the application to be embedded within malicious iframes. While this does not lead to unintended modification of projects or tasks, it exposes users to Phishing attacks. Attackers can frame the legitimate Planka applicati...

6.2AI score0.00017EPSS

Exploits0References2

SUSE CVE•added 2023/02/15 4:26 a.m.•1 views

SUSE CVE-2018-12402

The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resource...

6.1CVSS8.3AI score0.00293EPSS

Exploits0References4

RedhatCVE•added 2019/04/04 8:20 a.m.•16 views

CVE-2018-12402

6.5CVSS2.4AI score0.00293EPSS

Exploits0References2

Prion•added 2019/02/28 6:29 p.m.•10 views

Design/Logic Flaw

4.3CVSS7.1AI score0.00293EPSS

Exploits0References6Affected Software2

CVE•added 2019/02/28 6:0 p.m.•144 views

CVE-2018-12402

CVE-2018-12402 affects Firefox up to version 62 and concerns the internal WebBrowserPersist code used when saving pages (“Save Page As…”). The vulnerability arises from not using the correct origin context for sub-resources, enabling access to resources that could reveal a visitor’s Windows usern...

6.5CVSS7.1AI score0.00293EPSS

Exploits0References6Affected Software1