CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6714 matches found

Positive Technologies•added 2025/10/09 12:0 a.m.•4 views

PT-2025-41476

Name of the Vulnerable Software and Affected Versions Newforma Info Exchange NIX affected versions not specified Description Newforma Info Exchange NIX includes a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files. These SVG files can contain JavaScrip...

5.5CVSS6.4AI score0.00196EPSS

Exploits0References5

Positive Technologies•added 2025/10/09 12:0 a.m.•4 views

PT-2025-41434

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos Space versions prior to 24.1R4 Description An Improper Neutralization of Input During Web Page Generation issue exists in Juniper Networks Junos Space. This allows an attacker to inject script tags in the Archive Log...

6.1CVSS6.3AI score0.00202EPSS

Exploits0References4

Tenable Nessus•added 2025/10/09 12:0 a.m.•5 views

AlmaLinux 10 : git (ALSA-2025:11533)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:11533 advisory. git: Git does not sanitize URLs when asking for credentials interactively CVE-2024-50349 git: Newline confusion in credential helpers can lead to...

8.6CVSS8.4AI score0.02775EPSS

Exploits9References9

CNNVD•added 2025/10/08 12:0 a.m.•2 views

Opencast 跨站脚本漏洞

Opencast is a live video support software for large-scale automated video capture, management and distribution from the Opencast organization. Opencast suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied dat...

5.4CVSS6.1AI score0.00194EPSS

Exploits0References2

RedhatCVE•added 2025/10/07 5:35 p.m.•9 views

CVE-2025-36355

IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere...

8.5CVSS6.8AI score0.00152EPSS

Exploits0References1

Snyk•added 2025/10/07 9:41 a.m.•3 views

Cross-site Scripting (XSS)

Overview double-take is an Unified UI and API for processing and training images for facial recognition Affected versions of this package are vulnerable to Cross-site Scripting XSS via the app.use function in the API component when processing the X-Ingress-Path argument. An attacker can inject an...

5.3CVSS5.5AI score0.00314EPSS

Exploits0References2