14726 matches found

CNNVD, added 2025/11/10 12:00 a.m.
Combodo iTop cross-site scripting vulnerability
Combodo iTop is a set of open source web applications developed by Combodo France, based on ITIL and used for the daily operation of IT environments. The program provides incident management, configuration management, and problem management. A cross-site scripting vulnerability exists in Combodo...
CVSS 8.5 | AI score 5.7 | EPSS 0.00153 | Exploits 0 | References 2

RedhatCVE, added 2025/11/07 7:58 p.m.
CVE-2025-34237
Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via StandaloneVpnClientsController.addStandaloneVpnClientAction. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...
CVSS 6.3 | AI score 6 | EPSS 0.00172 | Exploits 0 | References 1

EUVD, added 2025/11/07 6:30 p.m.
EUVD-2025-38263
A DOM-based cross-site scripting (XSS) vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An...
AI score 5.5 | EPSS 0.00227 | Exploits 1 | References 3

EUVD, added 2025/11/07 6:30 p.m.
EUVD-2025-38272
A Broken Object Level Authorization (BOLA) vulnerability was discovered in the tRPC project mutation APIs (update, delete, add/remove tag) of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...
AI score 6.2 | EPSS 0.00254 | Exploits 1 | References 3

NVD, added 2025/11/07 5:15 p.m.
CVE-2025-63785
A DOM-based cross-site scripting (XSS) vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An...
CVSS 6.1 | EPSS 0.00227 | Exploits 1 | References 2

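
The EUVD-2025-38263 and CVE-2025-63785 entries describe the same sink: text typed into the editor is written back through innerHTML. The TypeScript below is an added example, not Onlook's code; the render functions, the element shape and the payload are assumptions made for illustration. It shows the vulnerable string-building pattern, the output-encoded form for the case where an innerHTML sink cannot be avoided, and the textContent assignment that is the preferred fix, together with a tag counter used to verify that no user-controlled markup survives.

```typescript
// Added example (not Onlook's code). Models the "edit a text element" step:
// the editor takes a user-supplied label and writes it back into the page.

const HTML_ESCAPES: Record<string, string> = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Output-encode for an HTML element context.
function escapeHtml(text: string): string {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch] ?? ch);
}

// Vulnerable pattern: the user's text is concatenated straight into markup,
// so `<img src=x onerror=...>` becomes a live element once assigned to innerHTML.
function renderTextElementUnsafe(userText: string): string {
  return `<span class="text-node">${userText}</span>`;
}

// Hardened for an unavoidable innerHTML sink: encode before concatenation.
function renderTextElementSafe(userText: string): string {
  return `<span class="text-node">${escapeHtml(userText)}</span>`;
}

// Preferred fix in the browser: write through textContent (or createTextNode),
// which never parses its input as markup. Typed structurally so the function
// also runs against a plain object outside a browser.
function setTextNode(el: { textContent: string | null }, userText: string): void {
  el.textContent = userText;
}

// Check used to verify the renderers: count the tags in the rendered markup.
// Exactly two (the wrapper's open and close) means no user-controlled tag got through.
function tagCount(html: string): number {
  return (html.match(/<\/?[a-zA-Z][^>]*>/g) ?? []).length;
}

// Constructed payload of the kind a DOM XSS report would use (hypothetical).
const SAMPLE_PAYLOAD = '<img src=x onerror="alert(document.domain)">';
```

renderTextElementUnsafe(SAMPLE_PAYLOAD) yields three tags, renderTextElementSafe yields two, and setTextNode stores the raw string without ever parsing it.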
OSV, added 2025/11/07 4:15 p.m.
CVE-2025-63783
A Broken Object Level Authorization (BOLA) vulnerability was discovered in the tRPC project mutation APIs (update, delete, add/remove tag) of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...
CVSS 7.6 | AI score 5.8 | EPSS 0.00254 | Exploits 1 | References 2

Cvelist, added 2025/11/07 12:00 a.m.
CVE-2025-63784
An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. The vulnerability occurs because the application trusts the X-Forwarded-Host header value without proper validation when constructing...
EPSS 0.00365 | Exploits 1 | References 2

Positive Technologies, added 2025/11/07 12:00 a.m.
PT-2025-45470
Name of the Vulnerable Software and Affected Versions: Onlook web application version 0.2.32. Description: An Open Redirect issue exists in the OAuth callback handler located in the file onlook/apps/web/client/src/app/auth/callback/route.ts. The application improperly validates the X-Forwarded-Host...
AI score 6.4 | EPSS 0.00365 | Exploits 1 | References 4

Positive Technologies, added 2025/11/07 12:00 a.m.
PT-2025-45466
Name of the Vulnerable Software and Affected Versions: Onlook web application version 0.2.32. Description: A Broken Object Level Authorization (BOLA) issue exists in the tRPC project mutation APIs (update, delete, add/remove tag) of the Onlook web application. The API does not properly validate if the...
CVSS 7.6 | AI score 5.5 | EPSS 0.00254 | Exploits 1 | References 6

CVE, added 2025/11/07 12:00 a.m.
CVE-2025-63784
Onlook web application 0.2.32 contains an Open Redirect vulnerability in the OAuth callback handler (file onlook/apps/web/client/src/app/auth/callback/route.ts). The issue arises from trusting the X-Forwarded-Host header without proper validation when constructing the redirect URL, enabling an at...
CVSS 6.5 | AI score 6.5 | EPSS 0.00365 | Exploits 1 | References 2 | Affected Software 1

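
The CVE-2025-63784 / PT-2025-45470 entries all point at one mechanism: the post-login redirect URL is built from X-Forwarded-Host, a header any client can supply when no proxy strips it. The TypeScript below is an added example, not Onlook's route.ts; the handler functions, the deployment origin, the allowlist and the header values are assumptions made for illustration. It places the vulnerable construction beside a hardened one that only honours an allowlisted forwarded host and constrains the "next" value to a same-origin path, which also covers protocol-relative and backslash forms.

```typescript
// Added example (not Onlook's code). Models an OAuth callback route that
// decides where to send the browser after the identity provider returns.

type HeaderMap = Record<string, string | undefined>;

// Hypothetical deployment settings: the origin the app is really served on
// and any other hosts a trusted reverse proxy is allowed to present.
const PUBLIC_ORIGIN = "https://app.example.com";
const TRUSTED_FORWARDED_HOSTS = new Set(["app.example.com", "staging.example.com"]);

// Vulnerable pattern: the redirect origin is rebuilt from X-Forwarded-Host.
// A client that reaches the app without a sanitising proxy chooses the host,
// so the Location header (and anything in the query string) goes off-site.
function redirectTargetUnsafe(headers: HeaderMap, next: string): string {
  const host = headers["x-forwarded-host"] ?? headers["host"] ?? "";
  const proto = headers["x-forwarded-proto"] ?? "https";
  return `${proto}://${host}${next}`;
}

// Reduce a "next" value to a same-origin path. Resolving against a placeholder
// origin catches protocol-relative ("//evil"), backslash ("/\\evil") and
// absolute forms: each one moves the host away from the placeholder.
function sanitizeNextPath(next: string): string {
  let resolved: URL;
  try {
    resolved = new URL(next, "https://placeholder.invalid");
  } catch {
    return "/";
  }
  if (resolved.host !== "placeholder.invalid" || !next.startsWith("/")) {
    return "/";
  }
  return resolved.pathname + resolved.search; // fragment intentionally dropped
}

// Hardened: only an allowlisted forwarded host may override the configured
// origin, and the path is constrained to the application itself.
function redirectTargetSafe(headers: HeaderMap, next: string): string {
  const forwarded = headers["x-forwarded-host"]?.toLowerCase();
  const origin = forwarded && TRUSTED_FORWARDED_HOSTS.has(forwarded)
    ? `https://${forwarded}`
    : PUBLIC_ORIGIN;
  return new URL(sanitizeNextPath(next), origin).toString();
}
```

With a constructed request carrying X-Forwarded-Host: evil.example, redirectTargetUnsafe returns https://evil.example/dashboard while redirectTargetSafe returns https://app.example.com/dashboard. A deployment that never sits behind a proxy should leave the allowlist empty, since there is then no legitimate reason to trust the header at all.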
CVE, added 2025/11/07 12:00 a.m.
CVE-2025-63783
Onlook web application 0.2.32 contains a Broken Object Level Authorization (BOLA) in tRPC mutation APIs (update, delete, add/remove tag). The API fails to verify the requester's ownership/membership for the target project ID, enabling an authenticated attacker to modify, delete, or manipulate tag...
CVSS 7.6 | AI score 6.4 | EPSS 0.00254 | Exploits 1 | References 2 | Affected Software 1

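
The CVE-2025-63783 / EUVD-2025-38272 / PT-2025-45466 entries describe one defect: the mutations check that a session exists but never check that the caller has a relationship to the project ID in the request. The TypeScript below is an added example, not Onlook's tRPC code; the mutations are modelled as plain functions over an in-memory store, and the project data, user names and error codes are constructed for illustration. It shows the authentication-only mutation next to a single object-level guard that every project mutation goes through.

```typescript
// Added example (not Onlook's code). Models tRPC-style project mutations as
// plain functions over an in-memory store so the authorization logic runs
// stand-alone. Names and data are constructed for illustration.

interface Project {
  id: string;
  ownerId: string;
  memberIds: string[];
  name: string;
  tags: string[];
}

interface Ctx {
  userId: string | null; // set by the session middleware, null when anonymous
}

class ApiError extends Error {
  constructor(public readonly code: "UNAUTHORIZED" | "NOT_FOUND") {
    super(code);
  }
}

const projects: Record<string, Project> = {};

// Constructed sample data: alice owns p1 with bob as a member; mallory is a
// different authenticated user with no relationship to p1.
function seed(): void {
  for (const id of Object.keys(projects)) delete projects[id];
  projects["p1"] = { id: "p1", ownerId: "alice", memberIds: ["bob"], name: "site", tags: ["alpha"] };
  projects["p2"] = { id: "p2", ownerId: "mallory", memberIds: [], name: "other", tags: [] };
}

function requireUser(ctx: Ctx): string {
  if (!ctx.userId) throw new ApiError("UNAUTHORIZED");
  return ctx.userId;
}

// Vulnerable pattern: authentication is checked, but the project ID from the
// request is used as-is, so any logged-in user can rename any project.
function renameProjectUnsafe(ctx: Ctx, input: { projectId: string; name: string }): string {
  requireUser(ctx);
  const project = projects[input.projectId];
  if (!project) throw new ApiError("NOT_FOUND");
  project.name = input.name;
  return project.name;
}

// Object-level guard shared by every project mutation: the caller must be the
// owner or a member. A project that exists but is not theirs is reported as
// NOT_FOUND, so the API does not confirm which IDs exist.
function loadProjectForUser(ctx: Ctx, projectId: string): Project {
  const userId = requireUser(ctx);
  const project = projects[projectId];
  if (!project || (project.ownerId !== userId && !project.memberIds.includes(userId))) {
    throw new ApiError("NOT_FOUND");
  }
  return project;
}

function renameProject(ctx: Ctx, input: { projectId: string; name: string }): string {
  const project = loadProjectForUser(ctx, input.projectId);
  project.name = input.name;
  return project.name;
}

function addTag(ctx: Ctx, input: { projectId: string; tag: string }): string[] {
  const project = loadProjectForUser(ctx, input.projectId);
  if (!project.tags.includes(input.tag)) project.tags.push(input.tag);
  return project.tags.slice().sort();
}

function removeTag(ctx: Ctx, input: { projectId: string; tag: string }): string[] {
  const project = loadProjectForUser(ctx, input.projectId);
  project.tags = project.tags.filter((t) => t !== input.tag);
  return project.tags.slice().sort();
}

function deleteProject(ctx: Ctx, input: { projectId: string }): boolean {
  const project = loadProjectForUser(ctx, input.projectId);
  delete projects[project.id];
  return true;
}

// Runs a mutation and returns its error code, or null when it succeeded.
function errorCodeOf(fn: () => unknown): string | null {
  try {
    fn();
    return null;
  } catch (e) {
    return e instanceof ApiError ? e.code : "UNEXPECTED";
  }
}

seed();
```

Against the seeded data, renameProjectUnsafe lets mallory rename alice's project, while renameProject, addTag, removeTag and deleteProject all answer NOT_FOUND for her and succeed for alice and bob. Putting the check in one loader, rather than in each mutation, is what keeps a newly added mutation from repeating the omission.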
GithubExploit, added 2025/11/06 6:46 a.m.
Exploit for OS Command Injection in Nestjs Devtools-Integration
PoC exploit for CVE-2025-54782, a vulnerability in an unspecifie...
CVSS 9.4 | AI score 8.1 | EPSS 0.4617 | Exploits 4

RedhatCVE, added 2025/11/04 12:53 a.m.
CVE-2025-63443
School Management System PHP v1.0 is vulnerable to cross-site scripting (XSS) in /login.php via the password parameter...
CVSS 5.4 | AI score 6.5 | EPSS 0.00194 | Exploits 1 | References 1

RedhatCVE, added 2025/11/04 12:53 a.m.
CVE-2025-63442
Simple User Management System with PHP-MySQL v1.0 is vulnerable to cross-site scripting (XSS) via the Profile Section. The system fails to properly sanitize user input, allowing attackers to inject and execute arbitrary JavaScript when the input is displayed in the browser...
CVSS 4.6 | AI score 6.4 | EPSS 0.00173 | Exploits 1 | References 1

EUVD, added 2025/11/03 6:31 p.m.
EUVD-2025-37497
Car-Booking-System-PHP v.1.0 is vulnerable to cross-site scripting (XSS) in /carlux/booking.php...
CVSS 5.4 | AI score 5.7 | EPSS 0.00235 | Exploits 1 | References 3

EUVD, added 2025/11/03 4:32 a.m.
EUVD-2025-37471
A flaw has been found in itsourcecode Billing System 1.0. It affects an unknown function of the file /admin/app/logincrud.php. Manipulation of the Password argument can lead to SQL injection. The attack can be launched remotely. The exploit has been published and may be used...
CVSS 7.5 | AI score 6.4 | EPSS 0.00389 | Exploits 1 | References 6

CVE, added 2025/11/03 2:32 a.m.
CVE-2025-12612
CVE-2025-12612 affects Campcodes School Fees Payment Management System 1.0. The vulnerability stems from improper handling of the parameter in the /ajax.php?action=delete_course path, where manipulation of the ID enables a SQL injection. The issue is exploitable remotely and, per connected source...
CVSS 9.8 | AI score 6.4 | EPSS 0.00285 | Exploits 1 | References 5 | Affected Software 1

GithubExploit, added 2025/11/03 12:01 a.m.
xss_test
It is an offensive tool for web application testing. The tool ta...
AI score 6.3 | Exploits 0

Packet Storm, added 2025/11/03 12:00 a.m.
Casdoor 2.95.0 Cross Site Request Forgery
Casdoor version 2.95.0 suffers from a cross-site request forgery vulnerability. Exploit Title: Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF). Application: Casdoor. Version: v2.95.0 (2025-10-22). Date: 2025-10-23. Exploit Author: Van Lam Nguyen. Vendor Homepage: https://casdoor.org/. Software Link:...
CVSS 6.5 | AI score 6.3 | EPSS 0.03093 | Exploits 10

Vulnrichment, added 2025/11/03 12:00 a.m.
CVE-2025-63453
Car-Booking-System-PHP v.1.0 is vulnerable to SQL injection in /carlux/contact.php...
AI score 7.6 | EPSS 0.00442 | Exploits 1 | References 1