CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2026/03/17 5:7 p.m.•5 views

Improper Encoding or Escaping of Output

Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the createAnnotation method, whose color parameter can be injected with script objects. An attacker can inject PDF objects as freetext...

8.1CVSS5.8AI score0.00046EPSS

OSSF Malicious Packages•added 2026/03/17 9:6 a.m.•3 views

Malicious code in robloxapi-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ff27677fd14eddf36fd58fee0bb539ef89fd596e83450c68f8dc0436350abfd6 Installation embeds a malicious PTH file that then during import downloads and executes remote code. During analysis, the remote code was a test starting...

6.1AI score

Exploits0References1

EUVD•added 2026/03/16 9:34 p.m.•4 views

EUVD-2026-12520

ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion LFI vulnerability in the /server/nodeupgradesrv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on the server, leading to...

8.7CVSS5.9AI score0.00149EPSS

Exploits0References3

EUVD•added 2026/03/16 9:34 p.m.•2 views

EUVD-2025-208769

The flow/admin/moniteur.php script in Use It Flow administration website before 10.0.0 is vulnerable to Remote Code Execution. When handling GET requests, the script takes user-supplied input from the action URL parameter, performs insufficient validation, and incorporates this input into a strin...

6.2AI score0.00295EPSS

Cvelist•added 2026/03/16 7:7 p.m.•21 views

CVE-2026-29516 Buffalo TeraStation TS5400R Excessive File Permissions Information Disclosure

Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions o...

6.9CVSS0.0001EPSS

Vulnrichment•added 2026/03/16 7:7 p.m.•2 views

CVE-2026-29516 Buffalo TeraStation TS5400R Excessive File Permissions Information Disclosure

6.9CVSS5.8AI score0.0001EPSS

Vulnrichment•added 2026/03/16 4:55 p.m.•2 views

CVE-2026-29521 Hereta ETH-IMC408M CSRF via Configuration Setup

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a cross-site request forgery vulnerability that allows attackers to modify device configuration by exploiting missing CSRF protections in setup.cgi. Attackers can host malicious pages that submit forged requests using...

5.1CVSS5.7AI score0.00032EPSS

Snyk•added 2026/03/16 4:22 p.m.•3 views

Improper Encoding or Escaping of Output

Overview vapor/leaf-kit is an an expressive, performant, and extensible templating language built for Swift. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the htmlEscaped process. An attacker can inject and execute arbitrary scripts in the context ...

6.9CVSS6.1AI score0.00017EPSS

6.5CVSS5.5AI score0.00187EPSS

EUVD-2026-12282

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects the function...

Exploits1References9

6.5CVSS5.4AI score0.00123EPSS

EUVD-2026-12264

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function...

Exploits1References10

Snyk•added 2026/03/16 3:30 p.m.•2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Chatter Message Handler process. An attacker can inject and execute arbitrary scripts by manipulating the subject or body arguments. Details Cross-site scripting or XSS is a code vulnerability that occurs...

5.1CVSS5.7AI score0.00015EPSS

Github Security Blog•added 2026/03/16 3:30 p.m.•6 views

Vulnogram contains a stored cross-site scripting vulnerability in comment hypertext handling

Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims' browsers...

6.4CVSS5.9AI score0.00017EPSS

Exploits0References6Affected Software1

6.4CVSS5.9AI score0.00017EPSS

EUVD-2026-12188

Exploits0References4

8.7CVSS5.9AI score0.00069EPSS

EUVD-2013-7292

Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users. Attackers can inject malicious JavaScript code through parameters like 'title', 'name', 'email',...

EUVD•added 2026/03/16 3:30 p.m.•1 views

EUVD-2015-9411

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by...

7.2CVSS5.9AI score0.00035EPSS