CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting XSS vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information...

0.18191EPSS

Exploits0References3

RedhatCVE•added 2025/05/23 12:8 a.m.•3 views

CVE-2022-25778

Cross-Site Request Forgery CSRF vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session...

8.8CVSS7AI score0.00169EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 7:53 p.m.•3 views

CVE-2021-35214

The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the us...

4.8CVSS7AI score0.00248EPSS

Exploits0References1

Vulnrichment•added 2025/03/21 12:0 a.m.•6 views

CVE-2025-30342

An XSS issue was discovered in OpenSlides before 4.2.5. When submitting descriptions such as Moderator Notes or Agenda Topics, an editor is shown that allows one to format the submitted text. This allows insertion of various HTML elements. When trying to insert a SCRIPT element, it is properly...

5.4CVSS6.1AI score0.00168EPSS

Exploits1References1

Cvelist•added 2025/03/03 3:3 p.m.•15 views

CVE-2025-1801 Aap-gateway: aap-gateway privilege escalation

A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged user, enabling the...

8.1CVSS0.00106EPSS

Exploits0References3

CVE•added 2025/02/11 10:28 a.m.•45 views

CVE-2024-45386

The CVE-2024-45386 entry concerns Siemens SIMATIC PCS neo (v4.0, v4.1 < Update 2, v5.0 < Update 1), SIMOCODE ES v19 (< Update 1), SIRIUS Safety ES v19 (TIA Portal) (< Update 1), SIRIUS Soft Starter ES (TIA Portal) (< Update 1), and TIA Administrator (

8.8CVSS8.6AI score0.00246EPSS

Exploits0References1

Vulnrichment•added 2022/11/16 12:0 a.m.•7 views

CVE-2022-44007

An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation...

8.6AI score0.00365EPSS

Exploits1References2

NVD•added 2002/04/22 4:0 a.m.•22 views

CVE-2002-0074

Cross-site scripting vulnerability in Help File search facility for Internet Information Server IIS 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session...

7.5CVSS6.3AI score0.6955EPSS

Exploits0References10

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by