144 matches found
WordPress Sunshine Photo Cart <2.9.15 - Cross-Site Scripting
WordPress Sunshine Photo Cart plugin before 2.9.15 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affecte...
DEBIAN-CVE-2026-20691
An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted webpage may be able to fingerprint the user...
CVE-2020-37096
Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in the MAC filtering configuration interface. Attackers can craft malicious web pages to trick users into adding unauthorized MAC addresses to the device's filtering rules without their consent...
EUVD-2025-205378
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Titarus allows Cross-Site Scripting (XSS). This issue affects Titarus: before 2.144.4...
EUVD-2014-6161
Malware in sbrugna...
EUVD-2018-5083
Malware in sbrugna...
EUVD-2024-2787
Malicious code in bioql PyPI...
EUVD-2023-1621
Malicious code in bioql PyPI...
Realistic Environmental Injection Attacks on GUI Agents
GUI agents built on LVLMs are increasingly used to interact with websites. However, their exposure to open-world content makes them vulnerable to Environmental Injection Attacks (EIAs) that hijack agent behavior via webpage elements. Many recent studies assume the attacker to be a regular user who...
angle: insufficient input validation can cause undefined behavior
A flaw was found in the libANGLE library. An improper input validation can cause undefined behavior when a specially crafted webpage is visited, potentially resulting in code execution...
The Obvious Invisible Threat: LLM-Powered GUI Agents' Vulnerability to Fine-Print Injections
A Large Language Model (LLM) powered GUI agent is a specialized autonomous system that performs tasks on the user's behalf according to high-level instructions. It does so by perceiving and interpreting the graphical user interfaces (GUIs) of relevant apps, often visually, inferring necessary sequenc...
Linux Distros Unpatched Vulnerability : CVE-2024-27838
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The issue was addressed by adding additional logic. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14....
UBUNTU-CVE-2025-24143
The issue was addressed with improved access restrictions to the file system. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user...
Browsershot Security Vulnerability
Browsershot is an open source tool from Spatie. It is used to convert web pages into images or PDFs. Browsershot 5.0.1 and earlier versions have a security vulnerability that stems from susceptibility to directory traversal attacks; an attacker can read any file on the server...
CVE-2024-30863
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/history.php...
CVE-2024-30871
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/applyhardware.php...