CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

59 matches found

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2005-1672

Malware in sbrugna...

4.6CVSS6.4AI score0.00903EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-24245

Malware in sbrugna...

8.1CVSS8AI score0.00139EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2021-33476

Malicious code in bioql PyPI...

8.1CVSS8.1AI score0.00144EPSS

Exploits1References1

OSV•added 2025/08/14 6:52 p.m.•1 views

MAL-2025-16300 Malicious code in buffer-xos (npm)

The package buffer-xos was found to contain malicious code...

7.2AI score

Exploits0

OSSF Malicious Packages•added 2025/08/14 6:52 p.m.•3 views

Malicious code in buffer-xos (npm)

The package buffer-xos was found to contain malicious code...

7AI score

Exploits0

RedhatCVE•added 2025/05/23 7:59 a.m.•4 views

CVE-2024-27453

In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface MMI...

8.6CVSS7.1AI score0.00291EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 8:7 p.m.•9 views

CVE-2021-37764

Arbitrary File Deletion vulnerability in XOS-Shop xosshopsystem 1.0.9 via currentmanufacturerimage parameter to /shop/admin/manufacturers.php...

8.1CVSS6.9AI score0.00139EPSS

Exploits0References1

OSV•added 2024/05/03 6:15 p.m.•0 views

CVE-2024-27453

In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface MMI...

8.6CVSS5.8AI score0.00291EPSS

Exploits1References2

NVD•added 2024/05/03 6:15 p.m.•16 views

CVE-2024-27453

In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface MMI...

8.6CVSS6.7AI score0.00291EPSS

Exploits1References2

Vulnrichment•added 2024/05/03 12:0 a.m.•17 views

CVE-2024-27453

In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface MMI...

7.1AI score0.00291EPSS

Exploits1References2

Positive Technologies•added 2024/05/03 12:0 a.m.•2 views

PT-2024-21906 · Extreme · Extremexos

Name of the Vulnerable Software and Affected Versions: Extreme XOS versions 22.6.1.4 and earlier Description: A read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface MMI. Recommendations: For Extreme XOS versions...

8.6CVSS6.5AI score0.00291EPSS

Exploits1References5

Cvelist•added 2024/05/03 12:0 a.m.•13 views

CVE-2024-27453

In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface MMI...

7AI score0.00291EPSS

Exploits1References2

CVE•added 2024/05/03 12:0 a.m.•55 views

CVE-2024-27453

Summary: CVE-2024-27453 affects Extreme XOS up to version 22.6.1.4. A read-only user can escalate to root by sending a crafted HTTP POST to the Machine-to-Machine Interface (MMI) Python method. This is a network-accessible vulnerability with no user interaction required. Affected software/area: E...

8.6CVSS7AI score0.00291EPSS

Exploits1References2Affected Software1

OSV•added 2023/02/21 12:30 a.m.•14 views

GHSA-G9PH-R9HC-34R8 Erxes vulnerable to Cross-site Scripting

Erxes, an experience operating system XOS with a set of plugins, is vulnerable to cross-site scripting in all versions. This results in client-side code execution. The victim must follow a malicious link or be redirected there from malicious web site. There are no known patches...

6.1CVSS7.4AI score0.84524EPSS

Exploits1References5

Github Security Blog•added 2023/02/21 12:30 a.m.•20 views

Erxes vulnerable to Cross-site Scripting

9.6CVSS8.4AI score0.84524EPSS

Exploits1References5Affected Software1

NVD•added 2023/02/20 11:15 p.m.•17 views

CVE-2021-32853

Erxes, an experience operating system XOS with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from malicious web site. There are no known patches...

9.6CVSS6.8AI score0.84524EPSS

Exploits1References3

Prion•added 2023/02/20 11:15 p.m.•24 views

Cross site scripting

6.8CVSS8.9AI score0.84524EPSS

Exploits1References3Affected Software1

CVE•added 2023/02/20 12:0 a.m.•67 views

CVE-2021-32853

Erxes XOS is affected by a cross-site scripting vulnerability tracked as CVE-2021-32853. Publicly disclosed for versions 0.22.3 and earlier, it enables client-side code execution when a victim follows a malicious link or is redirected from a malicious site. The core issue is improper escaping of ...

9.6CVSS7.5AI score0.84524EPSS

Exploits1References3Affected Software1

Cvelist•added 2023/02/20 12:0 a.m.•22 views

CVE-2021-32853 Erxes vulnerable to Cross-site Scripting

6.1CVSS9.2AI score0.84524EPSS

Exploits1References3

OSV•added 2022/06/16 9:15 p.m.•12 views

CVE-2021-46820

Arbitrary File Deletion vulnerability in XOS-Shop xosshopsystem 1.0.9 via currentmanufacturerimage parameter to /shop/admin/categories.php...

8.1CVSS6.8AI score

Exploits0References1

Rows per page