
12 matches found

Snyk
added 2026/03/26 4:56 p.m., 1 view

Authorization Bypass Through User-Controlled Key

Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the improper enforcement of access controls in the ReadAll and GetTaskAttachment processes. An attacker can gain unauthorized access to and delete file attachments across all...

CVSS 9.3, AI score 5.9
Exploits 0, References 2
Snyk
added 2026/03/09 7:48 p.m., 0 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the rendering of user-controlled share metadata fields in the public/index.html template. An attacker can execute arbitrary JavaScript in the context of the application by injecting malicious payloads into...

CVSS 8.9, AI score 5.7, EPSS 0.00043
Exploits 1, References 2
Positive Technologies
added 2026/03/09 12:0 a.m., 2 views

PT-2026-24170

Name of the Vulnerable Software and Affected Versions: FileBrowser versions prior to 1.3.1-beta; FileBrowser versions prior to 1.2.2-stable. Description: FileBrowser is a free, self-hosted, web-based file manager. A stored cross-site scripting (XSS) issue exists due to the use of text/template instead ...

CVSS 9.9, AI score 6, EPSS 0.07313
Exploits 68, References 141
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-19444

Malware in sbrugna...

CVSS 5.4, AI score 5.6, EPSS 0.01758
Exploits 1, References 4
RedhatCVE
added 2025/05/22 9:18 p.m., 5 views

CVE-2021-32604

Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."...

CVSS 5.4, AI score 6.9, EPSS 0.01758
Exploits 1, References 1
NVD
added 2021/05/11 11:15 p.m., 8 views

CVE-2021-32604

Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."...

CVSS 5.4, EPSS 0.01758
Exploits 1, References 3
Prion
added 2021/05/11 11:15 p.m., 18 views

Cross site scripting

Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."...

CVSS 3.5, AI score 5.5, EPSS 0.01758
Exploits 1, References 3, Affected Software 1
Cvelist
added 2021/05/11 10:16 p.m., 14 views

CVE-2021-32604

Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."...

AI score 5.8, EPSS 0.01758
Exploits 1, References 3
Prion
added 2019/08/21 12:15 p.m., 6 views

Cross site scripting

The share-on-diaspora plugin before 0.7.2 for WordPress has reflected XSS in share URL parameters...

CVSS 4.3, AI score 6, EPSS 0.0021
Exploits 0, References 1, Affected Software 1
Cvelist
added 2019/08/21 11:47 a.m., 13 views

CVE-2017-18534

The share-on-diaspora plugin before 0.7.2 for WordPress has reflected XSS in share URL parameters...

AI score 6.1, EPSS 0.0021
Exploits 0, References 1
Hacker One
added 2019/05/30 7:32 p.m., 34 views

Nextcloud: Non-admin users can trigger writes to memcached by entering a malicious server as a share URL

Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long...

CVSS 4, AI score 3.8, EPSS 0.00255
Exploits 0
Openbugbounty
added 2018/01/13 12:48 a.m., 6 views

investorease.com XSS vulnerability

Open Bug Bounty ID: OBB-516196

Description | Value
---|---
Affected Website: | investorease.com
Open Bug Bounty Program: | Not created yet
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...

AI score 6.4
Exploits 0