CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2024/06/07 2:9 p.m.•45 views

CVE-2024-37160

Formwork CVE-2024-37160 concerns the Formwork flat-file CMS. The vulnerability is an XSS flaw exploitable when an administrator modifies site options via /panel/options/site, allowing injection of scripts that can affect visitors across most pages (dashboard excluded). Affected component is descr...

4.8CVSS5.3AI score0.00463EPSS

Exploits1References3Affected Software1

CNNVD•added 2024/06/07 12:0 a.m.•1 views

Monstra CMS Security Vulnerability

Monstra CMS is a lightweight PHP-based content management system CMS by Sergey Romanenko, an individual developer in Ukraine. A security vulnerability exists in Monstra CMS version v3.0.4. The vulnerability is exploited by attackers to execute arbitrary web script or HTML via a specially crafted...

4.8CVSS6.7AI score0.00366EPSS

Exploits1References2

Cvelist•added 2024/06/06 9:35 p.m.•30 views

CVE-2024-36775

A cross-site scripting XSS vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page...

0.00333EPSS

OpenVAS•added 2024/06/04 12:0 a.m.•15 views

Mageia: Security Advisory (MGASA-2024-0209)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7AI score0.01008EPSS

Exploits0References4

OSV•added 2024/06/03 6:30 p.m.•8 views

MGASA-2024-0209 Updated libreoffice packages fix security vulnerability

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted...

6.5CVSS6.7AI score0.01008EPSS

Exploits0References3

Mageia•added 2024/06/03 6:30 p.m.•19 views

Updated libreoffice packages fix security vulnerability

6.5CVSS6.4AI score0.01008EPSS

Tenable Nessus•added 2024/06/03 12:0 a.m.•28 views

RHEL 8 : redis (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - redis: Redis SORTRO may bypass ACL configuration CVE-2023-41053 Note that Nessus has not tested for this issue but...

3.3CVSS6.9AI score0.0034EPSS

CNVD•added 2024/05/31 12:0 a.m.•2 views

JetBrains TeamCity OAuth Connection Setup Cross-Site Scripting Vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a cross-site...

5.4CVSS6.2AI score0.00267EPSS

CNVD•added 2024/05/31 12:0 a.m.•2 views

JetBrains TeamCity Subscription Page Cross-Site Scripting Vulnerability

6.1CVSS6.2AI score0.00269EPSS

CNVD•added 2024/05/31 12:0 a.m.•3 views

JetBrains TeamCity Issue Tracker Integrates Cross-Site Scripting Vulnerabilities

5.4CVSS6.2AI score0.00267EPSS

Vulnrichment•added 2024/05/30 3:1 p.m.•13 views

CVE-2024-35504

A cross-site scripting XSS vulnerability in the login page of FineSoft v8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL:errorname parameter after a failed login attempt...

5.8AI score0.00254EPSS

CNVD•added 2024/05/30 12:0 a.m.•7 views

JFinalCMS Cross-Site Scripting Vulnerability (CNVD-2024-26516)

JFinalCMS is a content management system. JFinalCMS 20221020 and previous versions of cross-site scripting vulnerability, the vulnerability stems from the file /admin/content parameter Title of the user-supplied data lack of effective filtering and escaping, an attacker can use this vulnerability...

5.4CVSS6.6AI score0.00364EPSS

CNNVD•added 2024/05/30 12:0 a.m.•3 views

FineSoft 安全漏洞

FineSoft is an application. A security vulnerability exists in FineSoft version v8.0 that stems from the presence of a cross-site scripting XSS vulnerability that allows an attacker to execute arbitrary web script or HTML via a crafted payload...

5.4CVSS5.5AI score0.00254EPSS

Exploits1References3

CNNVD•added 2024/05/29 12:0 a.m.•4 views

JetBrains TeamCity 安全漏洞

5.4CVSS6.1AI score0.00267EPSS

CNNVD•added 2024/05/29 12:0 a.m.•7 views

Mitel MiContact Center Business 跨站脚本漏洞

Mitel MiContact Center Business is an all-media contact center platform from Canadian company Mitel. The platform is used in customer communication, production management and other scenarios. A cross-site scripting vulnerability exists in Mitel MiContact Center Business version 10.0.0.4, which is...

5.4CVSS6.3AI score0.00252EPSS

Exploits0References3

CNNVD•added 2024/05/29 12:0 a.m.•3 views

JetBrains TeamCity 安全漏洞

6.1CVSS6.1AI score0.00282EPSS

CNNVD•added 2024/05/29 12:0 a.m.•3 views

JetBrains TeamCity 安全漏洞

5.4CVSS6.1AI score0.00267EPSS