52 matches found

GithubExploit
added 2026/04/26 6:9 p.m., 77 views

Advanced-AI-Recon-and-Exploit-Framework

reNgine: The Ultimate Web Reconnaissance & Vulnerability Scanner...

6.1 AI score
Exploits 0

ATTACKERKB
added 2026/03/26 7:40 p.m., 1 view

CVE-2026-33531

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, a path traversal vulnerability in the report template engine allows a staff-level user to read arbitrary files from the server filesystem via crafted template tags. Affected functions: encodesvgimage, asset, and...

7.1 CVSS, 5.9 AI score, 0.00017 EPSS
Exploits 0, References 3, Affected Software 1

CNNVD
added 2026/03/26 12:0 a.m., 3 views

InvenTree SQL injection vulnerability

InvenTree is an open-source inventory management system developed by InvenTree. It provides powerful low-level inventory control and parts tracking capabilities. Versions of InvenTree prior to 1.2.6 contained a SQL injection vulnerability. This vulnerability stemmed from the report template...

7.1 CVSS, 5.9 AI score, 0.00017 EPSS
Exploits 0, References 2

RedhatCVE
added 2025/12/19 2:9 p.m., 3 views

CVE-2025-40892

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a...

8.9 CVSS, 5.2 AI score, 0.00032 EPSS
Exploits 0, References 1

CVE
added 2025/12/18 1:16 p.m., 6 views

CVE-2025-40892

CVE-2025-40892 is a Stored XSS in Nozomi Guardian/CMC Reports functionality caused by improper validation of an input parameter. An authenticated user with report privileges can craft or import a malicious report template containing JavaScript; when viewed or imported, the payload executes in the...

8.9 CVSS, 4.9 AI score, 0.00032 EPSS
Exploits 0, References 2, Affected Software 2

Positive Technologies
added 2025/12/18 12:0 a.m., 2 views

PT-2025-52220

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a...

8.9 CVSS, 5.2 AI score, 0.00032 EPSS
Exploits 0, References 1

OSV
added 2025/10/08 12:15 a.m., 2 views

CVE-2025-61996

OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Template. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the administrative user to perfo...

4.8 CVSS, 5.8 AI score, 0.00027 EPSS
Exploits 0, References 3

NVD
added 2025/10/08 12:15 a.m., 7 views

CVE-2025-61996

OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Template. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the administrative user to perfo...

4.8 CVSS, 0.00027 EPSS
Exploits 0, References 3

CNNVD
added 2025/10/08 12:0 a.m., 3 views

OPEXUS FOIAXpress security vulnerability

OPEXUS FOIAXpress is an information disclosure management software from OPEXUS Corporation. A security vulnerability exists in OPEXUS FOIAXpress versions prior to 11.13.3.0 that originates from an administrative user being able to inject JavaScript or other content into the annual report template...

4.8 CVSS, 5.6 AI score, 0.00027 EPSS
Exploits 0, References 3

Cvelist
added 2025/10/07 11:13 p.m., 7 views

CVE-2025-61996 OPEXUS FOIAXpress stored XSS via annual report template

OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Template. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the administrative user to perfo...

4.8 CVSS, 0.00027 EPSS
Exploits 0, References 3

CVE
added 2025/10/07 11:13 p.m., 8 views

CVE-2025-61996

CVE-2025-61996 affects OPEXUS FOIAXpress prior to 11.13.3.0. An administrative user can inject JavaScript or other content into the Annual Report Template, with injected content executed in other users’ sessions when they generate an Annual Report. This constitutes a stored XSS exposure that coul...

4.8 CVSS, 6.3 AI score, 0.00027 EPSS
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2025/10/07 11:13 p.m., 1 view

CVE-2025-61996 OPEXUS FOIAXpress stored XSS via annual report template

OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Template. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the administrative user to perfo...

4.8 CVSS, 6.3 AI score, 0.00027 EPSS
Exploits 0, References 3

ICS
added 2025/10/07 10:50 p.m., 3 views

OPEXUS FOIAXpress stored XSS

RISK EVALUATION: OPEXUS FOIAXpress before 11.13.3.0 contains multiple stored cross-site-scripting vulnerabilities. These vulnerabilities allow an authenticated administrative user to inject JavaScript or other content into various components of FOIAXpress. Successful exploitation allows the...

4.8 CVSS, 6.5 AI score, 0.00027 EPSS
Exploits 0, References 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2005-0288

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.00495 EPSS
Exploits 0, References 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2005-0642

Malware in sbrugna...

4.3 CVSS, 6.4 AI score, 0.00281 EPSS
Exploits 0, References 3

Positive Technologies
added 2025/10/07 12:0 a.m., 2 views

PT-2025-41198

Name of the Vulnerable Software and Affected Versions: OPEXUS FOIAXpress versions prior to 11.13.3.0. Description: An administrative user can inject JavaScript or other content into the Annual Report Template. This injected content is executed when other users generate an Annual Report. Successful...

4.8 CVSS, 6.5 AI score, 0.00027 EPSS
Exploits 0, References 6

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-30688

Malicious code in bioql PyPI...

5.3 CVSS, 5.5 AI score, 0.00176 EPSS
Exploits 0, References 1

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-22945

Malicious code in bioql PyPI...

6.8 CVSS, 6.6 AI score, 0.00928 EPSS
Exploits 0, References 1

Snyk
added 2025/10/02 6:27 a.m., 1 view

Cross-site Scripting (XSS)

Overview: behavex is an Agile testing framework on top of Behave BDD. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via when rendering step.text in the HTML report template. An attacker can inject arbitrary HTML or JavaScript in the context of a user's browser by...

4.6 CVSS, 5.3 AI score
Exploits 0, References 3

RedhatCVE
added 2025/05/23 7:21 a.m., 2 views

CVE-2024-44771

BigId PrivacyPortal v179 is vulnerable to Cross Site Scripting XSS via the "Label" field in the Report template function...

6.1 CVSS, 6 AI score, 0.00268 EPSS
Exploits 0, References 1