Lucene search

204 matches found

GithubExploit
added 2026/06/14 9:6 p.m. | 84 views

Exploit for CVE-2022-30190

Exploitation of Follina CVE-2022-30190 Follina CVE-2022-3...

CVSS 9.3 | AI score 8 | EPSS 0.99374
Exploits: 62

NVD
added 2026/06/10 6:17 p.m. | 11 views

CVE-2026-46642

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. The vulnerability is not in the label sanitizer which works correctly on the rendering path but in...

CVSS 6.1 | EPSS 0.00221
Exploits: 1 | References: 2

EUVD
added 2026/06/10 5:42 p.m. | 9 views

EUVD-2026-36077

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. The vulnerability is not in the label sanitizer which works correctly on the rendering path but in...

CVSS 6.1 | AI score 5.9 | EPSS 0.00221
Exploits: 1 | References: 2

CVE
added 2026/06/10 5:42 p.m. | 25 views

CVE-2026-46642

CVE-2026-46642 affects draw.io prior to 29.7.12. A crafted .drawio file can execute arbitrary JavaScript in the editor’s origin when opened. The root cause is a feature-detection routine in the Text Format panel that reads the raw cell label and assigns it to a detached element’s innerHTML withou...

CVSS 6.1 | AI score 5.9 | EPSS 0.00221
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/06/10 5:42 p.m. | 6 views

CVE-2026-46642 draw.io: XSS via crafted cell label when opening a .drawio file

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. The vulnerability is not in the label sanitizer which works correctly on the rendering path but in...

CVSS 6.1 | AI score 5.9 | EPSS 0.00221
Exploits: 1 | References: 2

Positive Technologies
added 2026/06/10 12:0 a.m. | 13 views

PT-2026-48502

Name of the Vulnerable Software and Affected Versions: draw.io versions prior to 29.7.12. Description: A crafted .drawio file can execute arbitrary JavaScript in the editor's origin when opened. The issue exists in a feature-detection routine within the Text Format panel that reads the raw cell labe...

CVSS 6.1 | AI score 5.8 | EPSS 0.00221
Exploits: 1 | References: 5

CNNVD
added 2026/06/10 12:0 a.m. | 7 views

draw.io cross-site scripting vulnerability

Draw.IO is an open-source configurable charting and whiteboard application. Versions of Draw.IO prior to 29.7.12 had a cross-site scripting vulnerability. This vulnerability occurred because the feature detection routine in the Text Format panel did not clean up the original cell labels, allowing...

CVSS 6.1 | AI score 5.4 | EPSS 0.00221
Exploits: 1 | References: 1

OSV
added 2026/04/08 4:9 p.m. | 8 views

DRUPAL-CONTRIB-2026-032

The IframeConsent element writes HTML attributes without escaping their value. This module has a XSS vulnerability. If an attacker is able to write an tag, they may be able to insert arbitrary JavaScript. This vulnerability is mitigated by the fact that a text format that allows iframe-consent HT...

CVSS 6.1 | AI score 5.9 | EPSS 0.00196
Exploits: 0 | References: 1

Snyk
added 2026/02/24 1:29 a.m. | 4 views

Integer Overflow or Wraparound

Overview: Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 7.6 | AI score 6 | EPSS 0.00319
Exploits: 0 | References: 2

Snyk
added 2026/02/24 1:29 a.m. | 4 views

Integer Overflow or Wraparound

Overview: Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 7.6 | AI score 6 | EPSS 0.00319
Exploits: 0 | References: 2

OSV
added 2026/02/23 2:46 p.m. | 4 views

CLSA-2026-1771857969 Fix CVE(s): CVE-2025-14087, CVE-2025-14512

SECURITY UPDATE: Buffer underflow in GVariant parser leads to heap corruption - debian/patches/CVE-2025-1408714512.patch: Fix integer overflows in GVariant text format parser when processing input longer than INTMAX - CVE-2025-14087 SECURITY UPDATE: Integer overflow in escapebytestring leads to...

CVSS 9.8 | AI score 6.6 | EPSS 0.00754
Exploits: 0 | References: 1

OSV
added 2026/02/23 2:35 p.m. | 5 views

CLSA-2026-1771857296 Fix CVE(s): CVE-2025-14087

SECURITY UPDATE: Buffer underflow in GVariant parser leads to heap corruption - debian/patches/CVE-2025-14087.patch: Fix integer overflows in GVariant text format parser when processing input longer than INTMAX, and fix integer overflow in escapebytestring for byte strings with many invalid...

CVSS 9.8 | AI score 6.2 | EPSS 0.00754
Exploits: 0 | References: 1

GithubExploit
added 2026/01/22 4:44 p.m. | 136 views

XSS-cheat-sheet-txt-dictionary-by-PortSwigger

XSS cheat sheet dictionary by PortSwigger PortSwigger diction...

AI score 5.4
Exploits: 0

OSV
added 2026/01/09 2:5 p.m. | 4 views

OESA-2026-1012 unrtf security update

UnRTF is a command-line program written in C which converts documents in Rich Text Format .rtf to HTML, LaTeX, troff macros, and RTF itself. Converting to HTML, it supports a number of features of Rich Text Format: Changes in the text's font, size, weight bold, and slant italic Underlines and...

CVSS 6.2 | AI score 6.8 | EPSS 0.00197
Exploits: 2 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2009-0769

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.02425
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2001-0240

Malware in sbrugna...

CVSS 4.6 | AI score 6.4 | EPSS 0.01432
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2004-0783

Malware in sbrugna...

CVSS 7.5 | AI score 6.1 | EPSS 0.05427
Exploits: 0 | References: 23

EUVD
added 2025/10/07 12:30 a.m. | 9 views

EUVD-2005-2502

Malware in sbrugna...

CVSS 7.6 | AI score 6.4 | EPSS 0.04211
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2019-13241

Malware in sbrugna...

CVSS 7.7 | AI score 6.1 | EPSS 0.00211
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-1039

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.4 | EPSS 0.01089
Exploits: 0 | References: 5