CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

249 matches found

CNNVD•added 2026/05/26 12:0 a.m.•5 views

IBM Cognos Analytics和IBM Cognos Transformer 跨站脚本漏洞

IBM Cognos Analytics and IBM Cognos Transformer are products of American International Business Machines IBM. IBM Cognos Analytics is a business intelligence software suite. This software includes reports, dashboards, and scorecards, and can assist businesses in adjusting their decisions by...

7.6CVSS5.8AI score0.00029EPSS

Exploits0References2

EUVD•added 2026/04/06 2:48 p.m.•0 views

EUVD-2026-19281

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL database are rendered into the DOM without escaping in network.js Network page and charts.js/index....

3.4CVSS5.9AI score0.00027EPSS

Exploits0References1

Tenable Nessus•added 2026/03/20 12:0 a.m.•1 views

IBM QRadar SIEM 7.5.x < 7.5.0 UP15 Multiple Vulnerabilities

According to its self-reported version, the IBM QRadar SIEM installation on the remote host is 7.5.x prior to 7.5.0 Update Pack 15. It is, therefore, affected by multiple vulnerabilities: - IBM QRadar SIEM could allow an attacker with access to one tenant to access hostname data from another...

6.2CVSS5.6AI score0.00059EPSS

Exploits0References5

ATTACKERKB•added 2026/03/13 7:8 p.m.•0 views

CVE-2025-14504

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, 6.2.1.0 through 6.2.1.11, and 6.2.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering...

5.4CVSS5.5AI score0.00012EPSS

Exploits0References2Affected Software2

Vulnrichment•added 2026/03/06 4:16 a.m.•2 views

CVE-2026-28509 LangBot has a Cross Site Scripting(XSS) Vulnerability

LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot’s web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting XSS vulnerability. This issue has been patched in version 4.8.7...

6.3CVSS5.7AI score0.00043EPSS

Exploits1References2

OSV•added 2026/01/20 4:16 p.m.•0 views

CVE-2025-36113

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

5.4CVSS5.4AI score

Exploits0References1

CNNVD•added 2026/01/20 12:0 a.m.•4 views

IBM Application Gateway cross-site scripting vulnerability

IBM Application Gateway is an application gateway offered by the American multinational company International Business Machines IBM. It provides a containerized secure web reverse proxy that is designed to be placed before your applications, seamlessly adding authentication and authorization...

5.4CVSS5.8AI score0.00049EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:27 a.m.•5 views

CVE-2023-45181

IBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

6.1CVSS6.3AI score0.00071EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:17 a.m.•5 views

CVE-2025-23407

Incorrect privilege assignment vulnerability in the WEB UI the setting page exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges...

4.3CVSS7.1AI score0.00294EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:4 a.m.•3 views

CVE-2024-39728

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessio...

6.4CVSS5.9AI score0.00308EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:17 a.m.•3 views

CVE-2025-1349

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...

5.5CVSS6.4AI score0.00131EPSS

Exploits0References1

EUVD•added 2025/11/04 12:32 a.m.•1 views

EUVD-2025-37552

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 001, 24.0.1 through 24.0.1 Interim Fix 004, 24.0.0 through 24.0.0 Interim Fix 006, and earlier unsupported releases IBM Business Automation Workflow is vulnerable to stored cross-site scripting. This vulnerability allows an...

6.4CVSS5.8AI score0.00021EPSS

Exploits0References2

RedhatCVE•added 2025/10/16 4:56 p.m.•1 views

CVE-2025-20350

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to a buffer overflow...

7.5CVSS7.2AI score0.00041EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-25952

Malware in sbrugna...

4.8CVSS5.1AI score0.00162EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-12001

Malware in sbrugna...

5.4CVSS5.5AI score0.00151EPSS

Exploits0References4