21 matches found

NVD
added 2026/05/09 12:16 a.m., 7 views

CVE-2026-42455

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint POST /api/v1/archives/linkId?format=4 accepts HTML files (text/html) without sanitizing JavaScript content. When the archive i...

CVSS 8.8, EPSS 0.00033
Exploits: 0, References: 1

RedhatCVE
added 2025/12/23 12:25 a.m., 2 views

CVE-2025-67443

Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting (XSS). Due to lack of JavaScript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel...

CVSS 6.1, AI score 5.9, EPSS 0.00025
Exploits: 0, References: 1

Cvelist
added 2025/12/22 12:0 a.m., 18 views

CVE-2025-67443

Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting (XSS). Due to lack of JavaScript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel...

EPSS 0.00025
Exploits: 0, References: 2

CNVD
added 2025/10/15 12:0 a.m., 2 views

Client Details System Cross-Site Scripting Vulnerability

Client Details System is a client information system. A cross-site scripting vulnerability exists in Client Details System that stems from malicious JavaScript code not being filtered in the username field. No details of the vulnerability are available at this time...

CVSS 6.1, AI score 6.3, EPSS 0.00034
Exploits: 1, References: 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-0751

Malware in sbrugna...

CVSS 5.4, AI score 5.7, EPSS 0.00314
Exploits: 0, References: 6

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-0741

Malware in sbrugna...

CVSS 5.4, AI score 6.1, EPSS 0.02332
Exploits: 0, References: 18

Tenable Nessus
added 2025/08/27 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2018-16468

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. CVE-2018-16468 Note...

CVSS 5.4, AI score 6.1, EPSS 0.00314
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/25 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-15587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. CVE-2019-15587 Note th...

CVSS 5.4, AI score 6.2, EPSS 0.02332
Exploits: 0, References: 2

Prion
added 2023/12/21 10:15 a.m., 13 views

Cross site scripting

Apache Airflow versions 2.6.0 through 2.7.3 have a stored XSS vulnerability that allows a DAG author to add unbounded and unsanitized JavaScript in the parameter description field of the DAG. This JavaScript can be executed on the client side of any user who looks at the tasks in the...

CVSS 4.9, AI score 6, EPSS 0.00192
Exploits: 0, References: 3, Affected Software: 1

SUSE CVE
added 2023/02/15 4:24 a.m., 2 views

SUSE CVE-2018-16468

In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...

CVSS 6.4, AI score 6.9, EPSS 0.00314
Exploits: 0, References: 9

NVD
added 2019/10/22 9:15 p.m., 12 views

CVE-2019-15587

In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...

CVSS 5.4, AI score 5.3, EPSS 0.02332
Exploits: 0, References: 7

UbuntuCve
added 2019/10/22 9:15 p.m., 18 views

CVE-2019-15587

In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...

CVSS 5.4, AI score 6.6, EPSS 0.02332
Exploits: 0, References: 3

Positive Technologies
added 2019/10/22 12:0 a.m., 2 views

PT-2019-5086

Name of the Vulnerable Software and Affected Versions: Loofah gem for Ruby versions through 2.3.0. Description: The issue is related to the Loofah gem for Ruby, where unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. This could potentially allow a remote...

CVSS 7.5, AI score 6.5, EPSS 0.02332
Exploits: 0, References: 45

FreeBSD
added 2019/10/22 12:0 a.m., 27 views

Loofah -- XSS vulnerability

GitHub issue: This issue has been created for public disclosure of an XSS vulnerability that was responsibly reported by https://hackerone.com/vxhex In the Loofah gem, through v2.3.0, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...

CVSS 5.4, AI score 5.8, EPSS 0.02332
Exploits: 0, References: 2

RubySec
added 2019/10/22 12:0 a.m., 25 views

Loofah XSS Vulnerability

In the Loofah gem, through v2.3.0, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...

CVSS 5.4, AI score 1, EPSS 0.02332
Exploits: 0, References: 1, Affected Software: 1

Snyk
added 2019/01/30 2:46 p.m., 1 views

Cross-site Scripting (XSS)

Overview: @toast-ui/editor is a GFM Markdown Wysiwyg Editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). JavaScript inserted into the editor is not sanitized by the library. PoC: " src=x onerror="alert1" alert1" alert1" alert1" Details: Cross-site scripting or XSS i...

CVSS 6.5, AI score 5.4
Exploits: 0, References: 3

Snyk
added 2019/01/30 2:46 p.m., 1 views

Cross-site Scripting (XSS)

Overview: tui-editor is a GFM Markdown Wysiwyg Editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). JavaScript inserted into the editor is not sanitized by the library. PoC: " src=x onerror="alert1" alert1" alert1" alert1" Details: Cross-site scripting or XSS is a co...

CVSS 6.5, AI score 5.4
Exploits: 0, References: 3

RedhatCVE
added 2018/11/05 9:49 p.m., 20 views

CVE-2018-16468

In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...

CVSS 5.4, AI score 0.9, EPSS 0.00314
Exploits: 0, References: 1

OSV
added 2018/10/30 9:29 p.m., 1 views

UBUNTU-CVE-2018-16468

In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...

CVSS 5.4, AI score 6.4, EPSS 0.00314
Exploits: 0, References: 3

OSV
added 2018/10/30 9:29 p.m., 1 views

DEBIAN-CVE-2018-16468

In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...

CVSS 5.4, AI score 6.5, EPSS 0.00314
Exploits: 0, References: 1