Vulnerability Lookup
Recent CVEs (1-4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-42620 | vulnerability-lookup | High | 0.54 | — | 0.00 | | Dec 8, 2025 | In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting (XSS). On the backend, the related_vulnerabilities field of bundles accepted arbitrary strings without… |
| CVE-2025-42616 | vulnerability-lookup | High | 0.46 | — | 0.00 | | Dec 8, 2025 | Some endpoints in vulnerability-lookup that modified application state (e.g. changing database entries, user data, configurations, or other privileged actions) may have been accessible via HTTP GET requests without requiring a CSRF token. This flaw leaves the application… |
| CVE-2025-60249 | vulnerability-lookup | Medium | 0.35 | 6.4 | 0.00 | | Sep 25, 2025 | vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting (XSS) vulnerability was discovered in the handling of user-supplied input in the… |
| CVE-2025-32413 | vulnerability-lookup | Medium | 0.35 | 6.4 | 0.00 | | Apr 8, 2025 | Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in website/web/views/user.py. |