CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

131 matches found

Github Security Blog•added 2026/05/04 10:11 p.m.•2 views

livewire-markdown-editor has arbitrary file upload that allows stored XSS via attachment handler

Impact All versions of mckenziearts/livewire-markdown-editor prior to v1.3 contain a critical arbitrary file upload vulnerability in the MarkdownEditor::updatedAttachments Livewire handler. The handler calls $file-store with no server-side validation of MIME type, extension, or file content. Any...

6AI score

Exploits0References4Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2019-7270

Malware in sbrugna...

6.5CVSS6.5AI score0.00117EPSS

Exploits1References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-43550

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00234EPSS

Exploits1References2

RedhatCVE•added 2025/05/23 6:43 a.m.•8 views

CVE-2024-33209

FlatPress v1.3 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser...

5.4CVSS7AI score0.06236EPSS

Exploits2References1

RedhatCVE•added 2025/05/22 4:27 p.m.•3 views

CVE-2020-18646

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php"...

7.5CVSS6.3AI score0.00316EPSS

Exploits1

OSV•added 2024/10/02 4:15 p.m.•13 views

CVE-2024-33209

5.4CVSS7AI score0.06236EPSS

Exploits2References1

Cvelist•added 2024/10/02 12:0 a.m.•12 views

CVE-2024-33209

0.06236EPSS

Exploits2References1

NVD•added 2024/09/27 6:15 p.m.•16 views

CVE-2024-25411

A cross-site scripting XSS vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php...

6.1CVSS0.19678EPSS

Exploits1References3

NVD•added 2024/09/27 6:15 p.m.•11 views

CVE-2024-25412

A cross-site scripting XSS vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field...

6.1CVSS0.32531EPSS

Exploits1References2

OSV•added 2024/09/27 6:15 p.m.•9 views

CVE-2024-25412

A cross-site scripting XSS vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field...

6.1CVSS5.7AI score0.32531EPSS

Exploits1References2

Vulnrichment•added 2024/09/27 12:0 a.m.•14 views

CVE-2024-25412

A cross-site scripting XSS vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field...

5.8AI score0.32531EPSS

Exploits1References2

Vulnrichment•added 2024/09/27 12:0 a.m.•13 views

CVE-2024-25411

A cross-site scripting XSS vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php...

5.9AI score0.19678EPSS

Exploits1References3

Cvelist•added 2024/09/27 12:0 a.m.•12 views

CVE-2024-25411

A cross-site scripting XSS vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php...

0.19678EPSS

Exploits1References3

Cvelist•added 2024/09/27 12:0 a.m.•11 views

CVE-2024-25412

A cross-site scripting XSS vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field...

0.32531EPSS

Exploits1References2

NVD•added 2024/03/08 8:15 p.m.•9 views

CVE-2024-2338

PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. PostgreSQL Anonymizer enables users to set security labels on tables to mask specified columns. There is a flaw that allows complex...

8CVSS8.2AI score0.00047EPSS

Exploits0References1

Prion•added 2024/03/08 8:15 p.m.•11 views

Input validation

PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static masking or the anonymous...

4.3CVSS7.2AI score0.00051EPSS

Exploits0References1

NVD•added 2023/08/15 10:15 p.m.•9 views

CVE-2023-39850

Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php...

9.8CVSS10AI score0.00234EPSS

Exploits1References2

Prion•added 2023/08/15 10:15 p.m.•6 views

Sql injection

Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php...

7.5CVSS10AI score0.00234EPSS

Exploits1References2Affected Software1

CVE•added 2023/08/15 12:0 a.m.•105 views

CVE-2023-39850

CVE-2023-39850 : Schoolmate v1.3 contains multiple SQL injection vulnerabilities in DeleteFunctions.php, exploitable via the parameters $courseid and $teacherid. The NVD entry rates the impact as CRITICAL (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating potential high confidentiality, ...

9.8CVSS9.9AI score0.00234EPSS

Exploits1References2Affected Software1

Cvelist•added 2023/08/15 12:0 a.m.•9 views

CVE-2023-39850

Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php...

10AI score0.00234EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by