142 matches found
Haraj 3.7 - Cross-Site Scripting
Haraj 3.7 contains a cross-site scripting vulnerability in the User Upgrade Form. An attacker can inject malicious script and thus steal authentication credentials and launch other attacks. id: CVE-2022-31299 info: name: Haraj 3.7 - Cross-Site Scripting author: edoardottt severity: medium...
CVE-2023-25169
discourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic. In affected versions a user present in a yearly review topic that is then anonymised will still have some data linked to its original account. This issue has been patched in commit b3ab33bbf7 which is...
CVE-2022-23223
On Apache ShenYu versions 2.4.0 and 2.4.1, an endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later...
CVE-2022-31299
Haraj v3.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the User Upgrade Form...
CVE-2023-25167
Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There a...
CVE-2022-31038
Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 DisplayName does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes DisplayName...
EUVD-2024-0479
Malicious code in bioql PyPI...
EUVD-2023-0986
Malicious code in bioql PyPI...
EUVD-2023-2270
Malicious code in bioql PyPI...
EUVD-2023-2257
Malicious code in bioql PyPI...
EUVD-2024-1910
Malicious code in bioql PyPI...
EUVD-2023-0338
Malicious code in bioql PyPI...
EUVD-2022-41746
Malicious code in bioql PyPI...
EUVD-2024-24345
Malicious code in bioql PyPI...
EUVD-2022-6521
Malicious code in bioql PyPI...
EUVD-2023-50985
Malicious code in bioql PyPI...
EUVD-2023-0886
Malicious code in bioql PyPI...
EUVD-2024-3549
Malicious code in bioql PyPI...
EUVD-2023-0134
Malicious code in bioql PyPI...
EUVD-2022-6150
Malicious code in bioql PyPI...