24 matches found
CVE-2019-25326
ipPulse 1.92 contains a denial of service vulnerability that allows local attackers to crash the application by providing an oversized input in the Enter Key field. Attackers can generate a 256-byte buffer of repeated 'A' characters to trigger an application crash when pasting the malicious conte...
CVE-2019-25326
ipPulse 1.92 contains a local denial-of-service flaw triggered by an oversized input in the Enter Key field. A crafted 256-byte buffer of repeated 'A' characters can crash the application when pasted. The vulnerability requires local access and user action (paste) to exploit, with the issue descr...
EUVD-2022-5026
Malicious code in bioql PyPI...
GHSA-4FH7-M2WX-6WFM Firepad allows insecure document access
Firepad through 1.5.11 allows remote attackers, who have knowledge of a pad ID, to retrieve both the current text of a document and all content that has previously been pasted into the document. NOTE: in several similar products, this is the intentional behavior for anyone who knows the full...
Firepad Security Vulnerability
Firepad is an open source collaborative code and text editor from FirebaseExtended Open Source. A security vulnerability exists in Firepad 1.5.11 and earlier versions, which stems from a vulnerability that allows a remote attacker who knows the pad ID to retrieve the current text of a document, a...
CVE-2024-51210
Firepad 1.5.11 and earlier versions are affected. Remote attackers who know a pad ID can retrieve the current document text and all previously pasted content due to an access-control vulnerability; several listings note this behavior is intentional for known document IDs/URLs. The maintainer-stat...
SUSE CVE-2024-34341
Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker ...
Cross-Site Scripting (XSS)
trix is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of pasted content, which allows attackers to embed malicious scripts, resulting in Cross-Site Scripting (XSS) within the application's context...
Trix Editor Arbitrary Code Execution Vulnerability
The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts...
Cross-site Scripting (XSS)
Overview: actiontext is a package to edit and display rich text in Rails applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization of pasted content from external sources into the editor. An attacker can execute arbitrary JavaScript cod...
GHSA-QJQP-XR96-CJ99 Trix Editor Arbitrary Code Execution Vulnerability
The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts...
CVE-2024-34341
Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker ...
Trix Security Vulnerability
Trix is a Basecamp open source rich text editor for everyday writing. A security vulnerability exists in versions prior to Trix 2.1.1 that stems from improper cleanup of pasted content...
Trix Editor Arbitrary Code Execution Vulnerability
The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts...
PT-2022-16000 · Unknown · Toast Ui Grid
Name of the Vulnerable Software and Affected Versions: Toast UI Grid versions prior to 4.21.3 Description: The issue concerns cross-site scripting attacks that can occur when pasting specially crafted content into editable cells. This can be exploited by attackers to execute malicious scripts...
Froala WYSIWYG Editor XSS Vulnerability
Froala Editor before 3.2.2 allows XSS via pasted content...
GHSA-QRHQ-X7XH-2784 Froala WYSIWYG Editor XSS Vulnerability
Froala Editor before 3.2.2 allows XSS via pasted content...
CVE-2021-39111
The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such a...
Design/Logic Flaw
Froala Editor before 3.2.2 allows XSS via pasted content...
CVE-2019-19708
The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute...