CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

471 matches found

phpLDAPadmin <= 1.2.3 - Reflected XSS

phpLDAPadmin = 1.2.3 contains a reflected cross-site scripting caused by unsanitized input in htdocs/entrychooser.php via the form, element, rdn, or container parameter, letting attackers execute malicious scripts in victim browsers, exploit requires sending crafted input. id: CVE-2017-11107 info...

6.1CVSS6.1AI score0.00044EPSS

Exploits1References3

RedhatCVE•added 2 days ago•5 views

CVE-2026-42159

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised...

5.4CVSS5.8AI score0.00037EPSS

Exploits1References1

RedhatCVE•added 2 days ago•3 views

CVE-2026-44352

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Broken Access Control allows reading of sketch logs from any user. This vulnerability is fixed in 1.2.3...

5.3CVSS5.5AI score0.00043EPSS

Exploits0References1

RedhatCVE•added 2 days ago•5 views

CVE-2026-42156

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an arbitrary Cypher...

7.1CVSS5.7AI score0.00183EPSS

Exploits0References1

NVD•added 2026/05/14 4:16 p.m.•5 views

CVE-2026-42159

5.4CVSS0.00037EPSS

Exploits1References1

CVE•added 2026/05/14 3:39 p.m.•8 views

CVE-2026-42159

CVE-2026-42159 affects Flowsint, an open-source OSINT graph exploration tool. A remote attacker can create a node whose description contains arbitrary HTML; when selected, the node renders that HTML and may trigger stored XSS. The issue resides in sketches and their nodes/relationships where desc...

5.4CVSS6AI score0.00037EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2026/05/14 3:39 p.m.•6 views

CVE-2026-42159 Flowsint: Stored XSS in description of node

5.3CVSS6AI score0.00037EPSS

Exploits1References1

Cvelist•added 2026/05/14 3:39 p.m.•34 views

CVE-2026-42159 Flowsint: Stored XSS in description of node

5.3CVSS0.00037EPSS

Exploits1References1

CNNVD•added 2026/05/13 12:0 a.m.•5 views

WordPress plugin WOOD Products Filter for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.5CVSS5.6AI score0.00037EPSS

Exploits0References1

NVD•added 2026/05/12 11:16 p.m.•5 views

CVE-2026-42158

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, an adversary with knowledge of an investigation ID, could update the metadata of an investigation of another user. This vulnerability is fixed in 1.2.3...

2.3CVSS0.00043EPSS

Exploits0References1

Vulnrichment•added 2026/05/12 11:1 p.m.•2 views

CVE-2026-42158 Flowsint: Broken Access Control allows modification of investigation metadata from any user

2.3CVSS5.8AI score0.00043EPSS

Exploits0References1

ATTACKERKB•added 2026/05/12 11:1 p.m.•4 views

CVE-2026-42158

2.3CVSS5.8AI score0.00043EPSS

Exploits0References2Affected Software1

CVE•added 2026/05/12 11:1 p.m.•11 views

CVE-2026-42158

Flowsint prior to 1.2.3 has a broken access control issue that lets an attacker who knows an investigation ID modify metadata of another user’s investigation. Affected product: Flowsint OSINT graph exploration tool. Root cause: unauthorized update of investigation metadata due to inadequate acces...

2.3CVSS5.8AI score0.00043EPSS

Exploits0References1

Cvelist•added 2026/05/12 11:1 p.m.•28 views

CVE-2026-42158 Flowsint: Broken Access Control allows modification of investigation metadata from any user

2.3CVSS0.00043EPSS

Exploits0References1

Vulnrichment•added 2026/05/12 11:0 p.m.•5 views

CVE-2026-42156 Flowsint: Cypher query injection in node type on node creation

7.1CVSS6AI score0.00183EPSS

Exploits0References1

CVE•added 2026/05/12 11:0 p.m.•11 views

CVE-2026-42156

Summary : CVE-2026-42156 affects Flowsint, an open-source OSINT graph exploration tool. Before version 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query, enabling execution of arbitrary Cypher queries. The issue is fixed in 1.2.3. Impact and...

7.1CVSS6AI score0.00183EPSS

Exploits0References1

Cvelist•added 2026/05/12 11:0 p.m.•32 views

CVE-2026-42156 Flowsint: Cypher query injection in node type on node creation

7.1CVSS0.00183EPSS

Exploits0References1

ATTACKERKB•added 2026/05/12 11:0 p.m.•3 views

CVE-2026-42156

7.1CVSS6AI score0.00183EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/12 10:58 p.m.•28 views

CVE-2026-42157 Flowsint: Stored XSS on map node marker in map page

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a map node with a malicious label that contains arbitrary HTML. When the map tab is selected and a map node marker is...

5.1CVSS0.00183EPSS

Exploits0References1

ATTACKERKB•added 2026/05/12 10:55 p.m.•3 views

CVE-2026-44352

5.3CVSS5.8AI score0.00043EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by