222110 matches found

Positive Technologies
added 2026/02/03 12:0 a.m. | 2 views

PT-2026-5981

Name of the Vulnerable Software and Affected Versions: FUXA version 1.2.7. Description: FUXA version 1.2.7 contains a Remote Code Execution (RCE) issue through the project import functionality. The application fails to properly sanitize or sandbox user-supplied scripts within imported project files. A...

9.8 CVSS | 5.7 AI score | 0.00467 EPSS
Exploits: 0 | References: 7

Cvelist
added 2026/02/03 12:0 a.m. | 22 views

CVE-2025-69983

FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...

0.00467 EPSS
Exploits: 0 | References: 1

CVE
added 2026/02/03 12:0 a.m. | 6 views

CVE-2025-69983

CVE-2025-69983 (FUXA v1.2.7) is a Remote Code Execution vulnerability exposed via the project import functionality. The issue arises because user-supplied scripts within imported project files are not properly sanitized or sandboxed, enabling an attacker to upload a malicious project that could e...

9.8 CVSS | 5.7 AI score | 0.00467 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2026/02/03 12:0 a.m. | 3 views

Brocade SANnav Security Vulnerability

Brocade SANnav is a storage area network management software developed by the American company Brocade. Prior to version 3.0 of Brocade SANnav, there were security vulnerabilities. These vulnerabilities stemmed from issues with migration scripts, which could lead to SQL queries from the database...

7.5 CVSS | 5.9 AI score | 0.0001 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/02/03 12:0 a.m. | 2 views

EUVD-2025-206715

FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...

5.7 AI score | 0.00467 EPSS
Exploits: 0 | References: 1

GitLab Advisory Database
added 2026/02/03 12:0 a.m. | 3 views

melange pipeline working-directory could allow command injection

An attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses $vars. or $inputs. substitutions in working-directory. The field is embedded into shell scripts without proper quote escaping...

8.8 CVSS | 5.8 AI score | 0.0001 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

ATTACKERKB
added 2026/02/03 12:0 a.m. | 3 views

CVE-2025-69983

FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...

5.7 AI score | 0.00467 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2026/02/03 12:0 a.m. | 1 view

CVE-2025-69983

FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...

5.8 AI score | 0.00467 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/03 12:0 a.m. | 4 views

PT-2026-6408

Summary: FacturaScripts contains a critical SQL Injection vulnerability in the REST API that allows authenticated API users to execute arbitrary SQL queries through the sort parameter. The vulnerability exists in the ModelClass::getOrderBy method where user-supplied sorting parameters are directly...

8.3 CVSS | 6.4 AI score | 0.00025 EPSS
Exploits: 3 | References: 5

OSV
added 2026/02/02 11:16 p.m. | 3 views

PYSEC-2026-137

A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

5.4 CVSS | 5.9 AI score | 0.00019 EPSS
Exploits: 1 | References: 1

NVD
added 2026/02/02 11:16 p.m. | 4 views

CVE-2025-70959

A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

5.4 CVSS | 0.00019 EPSS
Exploits: 1 | References: 1

ATTACKERKB
added 2026/02/02 8:49 p.m. | 3 views

CVE-2026-23476

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to 2025.8, there is a reflected XSS bug in FacturaScripts. The problem is in how error messages get displayed. Twig's | raw filter is used, which skips HTML escaping. When triggering a database error like passi...

5.4 CVSS | 5.4 AI score | 0.00019 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

ATTACKERKB
added 2026/02/02 8:19 p.m. | 3 views

CVE-2026-23997

FacturaScripts is open-source enterprise resource planning and accounting software. In 2025.71 and earlier, a Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Observations field. The flaw occurs in the History view, where historical data is rendered without proper HTML entity...

8 CVSS | 5.9 AI score | 0.00025 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Exploit DB
added 2026/02/02 12:0 a.m. | 144 views

RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS)

Exploit Title: RPi-Jukebox-RFID 2.8.0 - Stored XSS CVE-2025-10370 Date: 2025-09-25 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://github.com/MiczFlor/RPi-Jukebox-RFID Software Link: https://github.com/MiczFlor/RPi-Jukebox-RFID/releases/tag/v2.8.0 Version: 2.8.0 Tested on: Raspber...

5.4 CVSS | 4.9 AI score | 0.00425 EPSS
Exploits: 3

Packet Storm News
added 2026/02/02 12:0 a.m. | 2 views

IlchCMS 2.1.37 Cross Site Scripting

A cross site scripting vulnerability exists in IlchCMS version 2.1.37. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2 AI score
Exploits: 0

Packet Storm News
added 2026/02/02 12:0 a.m. | 2 views

TikiWiki 17.1 Cross Site Scripting

A cross site scripting vulnerability exists in TikiWiki CMS version 17.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2 AI score
Exploits: 0

NVD
added 2026/02/01 1:15 p.m. | 2 views

CVE-2022-50941

BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. Attackers can exploit unvalidated input parameters to execute arbitrary scripts, potentially leading to session hijacking,...

6.4 CVSS | 0.00136 EPSS
Exploits: 0 | References: 3

OSV
added 2026/02/01 1:15 p.m. | 1 view

CVE-2021-47913

PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation...

5.4 CVSS | 5.8 AI score
Exploits: 0 | References: 4

ATTACKERKB
added 2026/02/01 12:15 p.m. | 3 views

CVE-2021-47919

Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks...

6.4 CVSS | 6.1 AI score | 0.00018 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2026/02/01 12:0 a.m. | 6 views

Simple CMS Cross-Site Scripting Vulnerability

Simple CMS is an open-source content management system developed using Simple PHPScripts. Version 2.1 of Simple CMS has a cross-site scripting vulnerability. This vulnerability stems from persistent cross-site scripting vulnerabilities in user input parameters, which could allow remote attackers ...

6.4 CVSS | 5.7 AI score | 0.00021 EPSS
Exploits: 1 | References: 3