Lucene search

11 matches found

EUVD
added 2026/04/10 6:51 p.m. | 1 view

EUVD-2026-21559

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the updateuserfromusername endpoint. A student (status=5) can change their status to Teacher/CourseManager (status=1), gaining course creation and management...

CVSS 7.1 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/07 9:31 a.m. | 4 views

CVE-2019-16999

CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI...

CVSS 9.8 | AI score 8.1 | EPSS 0.00264
Exploits: 1 | References: 1
Tenable Nessus
added 2025/08/20 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-18635

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages...

CVSS 6.1 | AI score 6 | EPSS 0.06495
Exploits: 1 | References: 2
NVD
added 2023/10/30 3:15 a.m. | 12 views

CVE-2021-25736

Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port “spec.ports.port” as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress.ip” field. Clusters where the LoadBalancer controller sets the...

CVSS 6.3 | AI score 6.1 | EPSS 0.00091
Exploits: 0 | References: 3
RedHat Linux
added 2020/08/04 2:2 p.m. | 3 views

novnc: XSS vulnerability via the messages propagated to the status field

An XSS vulnerability was discovered in noVNC in which arbitrary HTML could be injected into the noVNC web page. An attacker having access to a VNC server could use target host values in a crafted URL to gain access to secure information such as VM tokens...

CVSS 6.1 | AI score 5.9 | EPSS 0.06495
Exploits: 1 | References: 5
RedHat Linux
added 2020/03/10 11:19 a.m. | 1 view

novnc: XSS vulnerability via the messages propagated to the status field

An XSS vulnerability was discovered in noVNC in which arbitrary HTML could be injected into the noVNC web page. An attacker having access to a VNC server could use target host values in a crafted URL to gain access to secure information such as VM tokens...

CVSS 6.1 | AI score 5.9 | EPSS 0.06495
Exploits: 1 | References: 5
OSV
added 2019/09/30 1:15 p.m. | 1 view

CVE-2019-16999

CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI...

CVSS 9.8 | AI score 7.4 | EPSS 0.00264
Exploits: 1 | References: 1
Cvelist
added 2019/09/30 12:35 p.m. | 6 views

CVE-2019-16999

CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI...

AI score 9.7 | EPSS 0.00264
Exploits: 1 | References: 1
OSV
added 2019/09/25 11:15 p.m. | 1 view

DEBIAN-CVE-2017-18635

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name...

CVSS 6.1 | AI score 5.9 | EPSS 0.06495
Exploits: 1 | References: 1
OSV
added 2019/04/11 8:29 p.m. | 13 views

CVE-2019-6796

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS...

CVSS 6.1 | AI score 5.6
Exploits: 0 | References: 4
Exploit DB
added 2010/02/11 12:0 a.m. | 25 views

vBulletin 3.0.0 - Cross-Site Scripting

Title: vBulletin 3.0.0 XSS. Author: Discovered by ROOTEGY. Version: vBulletin Version 3.0.0. WWW.sec-war.com. 3.0.0 - Introduction: XSS scripts in the script search.php. In fact, a hole through a browser...

AI score 7
Exploits: 0