18 matches found
EUVD-2025-20087
Malicious code in bioql PyPI...
EUVD-2023-1252
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview: org.webjars.npm:vue-i18n is an internationalization plugin for Vue.js. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when performing translations with escapeParameterHtml set to true. An attacker can execute arbitrary JavaScript code in the context of the...
CVE-2023-29510
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In XWiki, every user can add translations that are only applied to the current user. This also allows overriding existing translations. Such translations are often included in privileged...
CVE-2023-42817
Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” (from “%suggest%”) is parsed by sprintf even though it’s supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access...
Open Social - Moderately critical - Access bypass - SA-CONTRIB-2025-014
Open Social is a Drupal distribution for online communities, which ships with a default optional module sociallanguage to make your platform multilingual. Some site administration configuration does not correctly check access when trying to translate allowing unauthorised people to translate thes...
SUSE-SU-2024:2577-1 Security update for python-Django
This update for python-Django fixes the following issues: - CVE-2024-38875: Fixed potential denial-of-service attack via certain inputs with a very large number of brackets bsc1227590 - CVE-2024-39329: Fixed username enumeration through timing difference for users with unusable passwords bsc12275...
CVE-2024-21344 Windows Network Address Translation (NAT) Denial of Service Vulnerability
...
SUSE-SU-2023:0671-1 Security update for qemu
This update for qemu fixes the following issues: - CVE-2022-4144: Fixed qxl_phys2virt unsafe address translation that can lead to out-of-bounds read bsc1205808. - CVE-2022-3165: Fixed integer underflow in vnc_client_cut_text_ext bsc1203788. - CVE-2022-1050: Fixed use-after-free issue in pvrdma_exec_cmd...
WordPress theme Download Theme and plugin translation for Polylang security vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress theme Download Theme and plugin translation for Polylang...
PT-2022-22441 · WordPress · Complianz Premium +3
Name of the Vulnerable Software and Affected Versions: Complianz WordPress plugin versions prior to 6.3.4; Complianz Premium WordPress plugin versions prior to 6.3.6. Description: The issue allows translators to inject arbitrary SQL through an unsanitized translation. This can be done through an...
CVE-2019-8129
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting an embedded expression into a translation...
elfutils denial of service vulnerability (CNVD-2019-07028)
elfutils is a collection of utilities and libraries for reading, creating, and modifying ELF binaries, finding and manipulating DWARF debug data, symbols, thread states, and stack traces for processes and kernel files on GNU/Linux. A denial of service vulnerability exists in elf_cvt_note in...
CVE-2018-17046
translate man before 2018-08-21 has XSS via containers/outputBox/outputBox.vue and store/index.js...
dvipng: Multiple array index errors during DVI-to-PNG translation
Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file...
PHP path translation vulnerability
Overview: PHP contains a path translation vulnerability that may allow an attacker to execute arbitrary code. Description: PHP is a scripting language that is designed for web-based applications and can be embedded directly into HTML. PHP versions prior to 5.2.6 contain a path translation...
Port translation bypass in 3Com OfficeConnect Remote 812 ADSL
No description provided...