52 matches found

NVD
added 5 days ago | 9 views

CVE-2019-25758

Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profilepic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and...

CVSS 8.8 | EPSS 0.0067
Exploits 0 | References 4

EUVD
added 5 days ago | 5 views

EUVD-2019-20194

Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profilepic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and...

CVSS 8.8 | AI score 6.4 | EPSS 0.0067
Exploits 0 | References 4

RedhatCVE
added 2026/06/05 7:47 p.m. | 6 views

CVE-2026-6593

A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made...

CVSS 5.1 | AI score 3.9 | EPSS 0.00206
Exploits 0 | References 1

EUVD
added 2026/04/20 3:34 a.m. | 3 views

EUVD-2026-23739

A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made...

CVSS 5.1 | AI score 4 | EPSS 0.00206
Exploits 0 | References 5

Cvelist
added 2026/04/20 1:30 a.m. | 29 views

CVE-2026-6593 ComfyUI View Endpoint server.py cross site scripting

A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made...

CVSS 5.1 | EPSS 0.00206
Exploits 0 | References 4

Vulnrichment
added 2026/04/20 1:30 a.m. | 2 views

CVE-2026-6593 ComfyUI View Endpoint server.py cross site scripting

A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made...

CVSS 5.1 | AI score 4 | EPSS 0.00206
Exploits 0 | References 4

ATTACKERKB
added 2026/04/20 1:30 a.m. | 2 views

CVE-2026-6593

A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made...

CVSS 5.1 | AI score 4 | EPSS 0.00206
Exploits 0 | References 4

CVE
added 2026/04/20 1:30 a.m. | 14 views

CVE-2026-6593

CVE-2026-6593 affects ComfyUI up to 0.13.0. The issue lies in the View Endpoint’s file server.py, where manipulation can trigger cross-site scripting. Exploitation is remote and the exploit has been published. Vendor was contacted but did not respond. Impact details are limited to what the CVEs d...

CVSS 5.1 | AI score 4 | EPSS 0.00206
Exploits 0 | References 4

OSV
added 2026/04/01 8:35 a.m. | 5 views

BIT-APPSMITH-2026-34411 Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...

CVSS 6.9 | AI score 5.9 | EPSS 0.00387
Exploits 1 | References 3

ATTACKERKB
added 2026/03/31 7:44 p.m. | 3 views

CVE-2026-34365

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery (SSRF) vulnerability exists in the Estimate PDF generation module. User-supplied HTML in the estimate Notes field...

CVSS 7.6 | AI score 5.8 | EPSS 0.00245
Exploits 1 | References 3 | Affected Software 1

SUSE CVE
added 2026/03/28 12:25 a.m. | 1 views

SUSE CVE-2026-33205

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitra...

CVSS 5.5 | AI score 6 | EPSS 0.00173
Exploits 1 | References 3

RedhatCVE
added 2026/03/26 3:08 p.m. | 2 views

CVE-2026-20162

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk roles could craft a malicious payload when creating a Vie...

CVSS 6.3 | AI score 6.1 | EPSS 0.00201
Exploits 0 | References 1

EUVD
added 2026/03/11 6:30 p.m. | 2 views

EUVD-2026-11226

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk roles could craft a malicious payload when creating a Vie...

CVSS 6.3 | AI score 5.9 | EPSS 0.00201
Exploits 0 | References 2

Vulnrichment
added 2026/03/11 4:18 p.m. | 2 views

CVE-2026-20162 Stored Cross-Site Scripting (XSS) through Path Traversal in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk roles could craft a malicious payload when creating a Vie...

CVSS 6.3 | AI score 5.9 | EPSS 0.00201
Exploits 0 | References 1

Vulnrichment
added 2025/12/11 9:41 p.m. | 5 views

CVE-2024-58307 CSZCMS 1.3.0 Authenticated SQL Injection via Members View Endpoint

CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks...

CVSS 9.3 | AI score 7.7 | EPSS 0.00441
Exploits 1 | References 4

RedhatCVE
added 2025/10/19 6:43 a.m. | 8 views

CVE-2025-11741

The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.2.5 via the 'woosqquickview' AJAX endpoint due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated...

CVSS 5.3 | AI score 6.2 | EPSS 0.00306
Exploits 0 | References 1

Vulnrichment
added 2025/04/29 4:35 a.m. | 9 views

CVE-2025-46343 n8n Vulnerable to Stored XSS through Attachments View Endpoint

n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting (XSS) through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no restriction on the MIME typ...

CVSS 5 | AI score 4.7 | EPSS 0.00208
Exploits 0 | References 4

OSV
added 2025/04/29 4:35 a.m. | 9 views

CVE-2025-46343 n8n Vulnerable to Stored XSS through Attachments View Endpoint

n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting (XSS) through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no restriction on the MIME typ...

CVSS 5 | AI score 5.3 | EPSS 0.00208
Exploits 0 | References 6

Cvelist
added 2025/04/29 4:35 a.m. | 22 views

CVE-2025-46343 n8n Vulnerable to Stored XSS through Attachments View Endpoint

n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting (XSS) through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no restriction on the MIME typ...

CVSS 5 | EPSS 0.00208
Exploits 0 | References 4

CNNVD
added 2025/04/29 12:00 a.m. | 3 views

n8n Cross-Site Scripting Vulnerability

n8n is a scalable workflow automation tool from n8n open source. A cross-site scripting vulnerability exists in n8n versions prior to 1.90.0, which stems from the presence of a stored cross-site scripting attack on an attachment view endpoint...

CVSS 5.4 | AI score 5.7 | EPSS 0.00208
Exploits 0 | References 4