VYPR
Vendor

Vulnerability Lookup

Products: 1
CVEs: 4
Across products: 4
Status: Private

Recent CVEs (4)

  • CVE-2025-42620 | High | Dec 8, 2025
    risk 0.54 | cvss | epss 0.00

    In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting (XSS). On the backend, the related_vulnerabilities field of bundles accepted arbitrary strings without…

  • CVE-2025-42616 | High | Dec 8, 2025
    risk 0.46 | cvss | epss 0.00

    Some endpoints in vulnerability-lookup that modified application state (e.g. changing database entries, user data, configurations, or other privileged actions) may have been accessible via HTTP GET requests without requiring a CSRF token. This flaw leaves the application…

  • CVE-2025-60249 | Medium | Sep 25, 2025
    risk 0.35 | cvss 6.4 | epss 0.00

    vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting (XSS) vulnerability was discovered in the handling of user-supplied input in the…

  • CVE-2025-32413 | Medium | Apr 8, 2025
    risk 0.35 | cvss 6.4 | epss 0.00

    Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in website/web/views/user.py.