11 matches found
CVE-2025-56683
CVE-2025-56683 is a documented XSS in Logseq v0.10.9. The vulnerability lies in the /app/marketplace.html component, where an attacker can inject arbitrary JavaScript via a crafted README.md file, leading to potential remote code execution. Multiple sources (NVD, Red Hat, OSV) describe the same e...
[SECURITY] Fedora 39 Update: rust-cargo-readme-3.3.1-3.fc39
A cargo subcommand to generate README.md content from doc comments...
[SECURITY] Fedora 40 Update: rust-cargo-readme-3.3.1-3.fc40
A cargo subcommand to generate README.md content from doc comments...
nodejs:18 security, bug fix, and enhancement update
nodejs 1:18.16.1-1 - Rebase to 18.16.1 Resolves: rhbz2188290 rhbz2166926 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 - Replace /usr/etc/npmrc symlink with builtin configuration Resolves: rhbz2222287 nodejs-nodemon nodejs-packaging 2021.06-4 - NPM bundler: also find...
Design/Logic Flaw
DISPUTED An issue has been found in PNGwriter 0.7.0. It is a SEGV in pngwriter::readfromfile in pngwriter.cc. NOTE: there is a "Warning: PNGwriter was never designed for reading untrusted files with it. Do NOT use this in sensitive environments, especially DO NOT read PNGs from unknown sources wi...
Design/Logic Flaw
DISPUTED The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function" substring, as demonstrated by a "functionconsole.log" call or a simple infinite loop. NOTE: the vendor agree...
CVE-2017-15871
The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function" substring, as demonstrated by a "functionconsole.log" call or a simple infinite loop. NOTE: the vendor agrees that...
CVE-2017-8833
Zen Cart 1.6.0 has XSS in the mainpage parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github."...
Design/Logic Flaw
Zen Cart 1.6.0 has XSS in the mainpage parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github."...
CVE-2017-8833
Zen Cart 1.6.0 has XSS in the mainpage parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github."...
ownCloud: daily.owncloud.com: Information disclosure
https://daily.owncloud.com/enterprise-stable8/enterprise/apps/ I have found a readme.md file; also, I think this is leaking more information...