CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

592 matches found

Vulnrichment•added 2023/09/25 3:55 p.m.•10 views

CVE-2023-4892 Teedy v1.11 - Stored cross-site scripting (XSS)

Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp...

5.7CVSS6.8AI score0.00385EPSS

Exploits1References2

OSV•added 2023/09/18 9:36 p.m.•18 views

CVE-2023-42454 SQLpage vulnerable to public exposure of database credentials

SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database connection string specified in the sqlpage/sqlpage.json configuration file not in an environment variable, with the webroot is the current working...

10CVSS8.6AI score0.00602EPSS

Exploits1References5

Debian CVE•added 2023/08/01 10:39 p.m.•24 views

CVE-2023-3733

Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS4.9AI score0.00574EPSS

Exploits1

CNVD•added 2023/07/30 12:0 a.m.•30 views

Apache Jackrabbit Code Execution Vulnerability

Apache Jackrabbit is a content repository from Apache USA. A code execution vulnerability exists in Apache Jackrabbit Webapp/Standalone, which stems from the component commons-beanutils failing to properly filter special elements of constructed snippets. An attacker could exploit the vulnerabilit...

9.8CVSS7.8AI score0.02657EPSS

Exploits0References1

CVE•added 2023/07/25 2:2 p.m.•103 views

CVE-2023-37895

Summary: CVE-2023-37895 affects Apache Jackrabbit Webapp/Standalone via an unsafe deserialization in the commons-beanutils component, enabling remote code execution over RMI. Affected RMIs include versions up to 2.20.10 (stable) and 2.21.17 (unstable). Impact: potential remote code execution with...

9.8CVSS10AI score0.02657EPSS

Exploits0References4Affected Software1

NVD•added 2023/05/16 7:15 p.m.•15 views

CVE-2023-2726

Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS8AI score0.00681EPSS

Exploits0References7

Prion•added 2023/05/16 7:15 p.m.•26 views

Design/Logic Flaw

6.8CVSS7.8AI score0.00681EPSS

Exploits0References7Affected Software3

Debian CVE•added 2023/05/16 6:45 p.m.•33 views

CVE-2023-2726

8.8CVSS8.3AI score0.00681EPSS

Exploits0

Cvelist•added 2023/05/16 6:45 p.m.•20 views

CVE-2023-2726

8.2AI score0.00681EPSS

Exploits0References7

Packet Storm•added 2023/03/31 12:0 a.m.•245 views

Textpattern 4.8.8 Remote Code Execution

Exploit Title: Textpattern 4.8.8 - Remote Code Execution RCE Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://textpattern.com/ Version : 4.8.8 Tested on: windows 11 xammp | Kali linux Category: WebApp Google Dork: intext:"Published with Textpattern...

6.8AI score

Exploits0

0day.today•added 2023/03/31 12:0 a.m.•156 views

Textpattern 4.8.8 - Remote Code Execution (Authenticated) Vulnerability

6.8AI score

Exploits0

0day.today•added 2023/03/31 12:0 a.m.•250 views

Bludit 3-14-1 Plugin (UploadPlugin) - Remote Code Execution (Authenticated) Vulnerability

Exploit Title: Bludit 3-14-1 Plugin 'UploadPlugin' - Remote Code Execution RCE Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.bludit.com/ Version : 3-14-1 Tested on: windows 11 wampserver | Kali linux Category: WebApp Google Dork: intext:'2022...

7.1AI score

Exploits0

Exploit DB•added 2023/03/31 12:0 a.m.•198 views

Textpattern 4.8.8 - Remote Code Execution (RCE) (Authenticated)

7AI score

Exploits0

Exploit DB•added 2023/03/31 12:0 a.m.•192 views

Bludit 3-14-1 Plugin 'UploadPlugin' - Remote Code Execution (RCE) (Authenticated)

7.4AI score

Exploits0

OSV•added 2023/03/07 10:15 p.m.•20 views

CVE-2023-1230

Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5AI score

Exploits0References2

NVD•added 2023/03/07 10:15 p.m.•18 views

CVE-2023-1230

4.3CVSS3.9AI score0.00266EPSS

Exploits0References2

Debian CVE•added 2023/03/07 9:42 p.m.•25 views

CVE-2023-1230

4.3CVSS6AI score0.00266EPSS

Exploits0

OSV•added 2023/02/23 3:33 p.m.•13 views

GHSA-MJV2-6JV4-VRG7 OpenNMS Meridian and Horizon vulnerable to Cross-site Scripting

6.1CVSS6.2AI score0.00424EPSS

Exploits0References5

Github Security Blog•added 2023/02/23 3:33 p.m.•26 views

OpenNMS Meridian and Horizon vulnerable to Cross-site Scripting

6.7CVSS6AI score0.00424EPSS

Exploits0References5Affected Software1

Cvelist•added 2023/02/23 2:49 p.m.•22 views

CVE-2023-0867 Multiple stored and reflected Cross-site Scripting in webapp

Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horiz...

6.7CVSS6.5AI score0.00424EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by