CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4328 matches found

Positive Technologies•added 2025/10/22 12:0 a.m.•3 views

PT-2025-43582

Name of the Vulnerable Software and Affected Versions Request Tracker versions 5.0.4 through 5.0.8 Request Tracker versions 6.0.0 through 6.0.1 Description The Request Tracker software contains a Stored Cross-Site Scripting XSS issue within the calendar invitation parsing feature. The software...

5.3CVSS5.6AI score0.00404EPSS

Exploits0References18

CNNVD•added 2025/10/22 12:0 a.m.•4 views

WordPress plugin WP-Click-Tracker 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site...

7.1CVSS6AI score0.00214EPSS

Exploits0References1

Positive Technologies•added 2025/10/22 12:0 a.m.•3 views

PT-2025-43215

Name of the Vulnerable Software and Affected Versions mithra62 WP-Click-Tracker versions through 0.7.3 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a potential Reflected Cross-site Scripting issue. This could allow an...

7.1CVSS6.2AI score0.00214EPSS

Exploits0References4

Tenable Nessus•added 2025/10/22 12:0 a.m.•5 views

Debian dsa-6031 : request-tracker5 - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6031 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6031-1 [email protected]...

5.3CVSS5.6AI score0.00404EPSS

Exploits0References7

Tenable Nessus•added 2025/10/22 12:0 a.m.•4 views

Debian dsa-6032 : request-tracker4 - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-6032 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6032-1 [email protected] https://www.debian.org/security/...

2.6CVSS5.6AI score0.00193EPSS

Exploits0References4

OSV•added 2025/10/22 12:0 a.m.•4 views

DSA-6032-1 request-tracker4 - security update

Bulletin has no description...

2.6CVSS7AI score0.00193EPSS

Exploits0

OSV•added 2025/10/22 12:0 a.m.•4 views

DSA-6031-1 request-tracker5 - security update

Bulletin has no description...

2.6CVSS7AI score0.00193EPSS

Exploits0

Patchstack•added 2025/10/21 11:11 p.m.•6 views

WordPress Email Tracker plugin <= 5.3.12 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by dutafi in WordPress Plugin Email Tracker versions = 5.3.12...

4.9CVSS8AI score0.00334EPSS

Exploits0References1Affected Software1

OSSF Malicious Packages•added 2025/10/17 12:32 a.m.•4 views

Malicious code in usage-tracker-secured (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f1b7a443b3167fff4524481ab0e2a965023fdb4379674c580d905e30aacc7f70 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score

Exploits0References3

EUVD•added 2025/10/17 12:32 a.m.•2 views

EUVD-2025-34841

Malicious code in usage-tracker-secured npm...

6.6AI score

Exploits0References1

OSV•added 2025/10/17 12:32 a.m.•3 views

MAL-2025-48440 Malicious code in usage-tracker-secured (npm)

6.9AI score

Exploits0References3

Circl•added 2025/10/15 3:31 p.m.•4 views

CVE-2025-59778

creationtimestamp| type| source ---|---|--- 2025-10-15 15:31:29+00:00| seen| https://vulnerability.circl.lu/bundle/834a30cc-c06c-49b3-9157-eb77f711c73f 2025-10-16 09:05:24+00:00| seen| https://circl.lu/pub/tr-96/...

7.7CVSS5.8AI score0.00305EPSS

Exploits0References2

Cvelist•added 2025/10/10 8:19 a.m.•9 views

CVE-2025-40640 Stored Cross-Site Scripting (XSS) in Energy CRM by Status Tracker

Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createinvoicesubmit.php”, using the “customerName0” parameter. This vulnerability could allow a...

5.1CVSS0.00189EPSS

Exploits0References1

CVE•added 2025/10/10 8:19 a.m.•12 views

CVE-2025-40640

Energy CRM v2025 (Status Tracker Ltd) contains a stored Cross-Site Scripting (XSS) flaw exploitable via a POST to /crm/create_invoice_submit.php using the customerName_0 parameter. Lack of input validation allows a remote attacker to craft a query that could be processed by an authenticated user,...

5.4CVSS4.5AI score0.00189EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2025/10/10 12:0 a.m.•7 views

PT-2025-41534

Name of the Vulnerable Software and Affected Versions Energy CRM version 2025 Description A stored Cross-Site Scripting XSS issue exists due to insufficient validation of user-supplied data. A remote user can potentially send a malicious query to an authenticated user, potentially leading to the...

5.1CVSS5.7AI score0.00189EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-1999-1384

Malware in sbrugna...

7.2CVSS6.4AI score0.00334EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2016-2082

Malware in sbrugna...

8.8CVSS4.9AI score0.00344EPSS

Exploits0References4