CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1207 matches found

CVE•added 2025/12/20 8:22 a.m.•11 views

CVE-2025-14298

CVE-2025-14298 (FiboSearch – Ajax Search for WooCommerce) stores cross-site scripting via thegem_te_search shortcode in all versions up to 1.32.0. Exploitation requires TheGem Theme (premium) with Header Builder mode and FiboSearch’s "Replace search bars" option enabled for TheGem integration. Th...

5.4CVSS4.7AI score0.00031EPSS

Exploits0References5

RedHat Linux•added 2025/12/18 1:35 a.m.•5 views

cpython: python: CPython DecodeError Handling Vulnerability

A vulnerability has been identified in CPython's bytes.decode function when used with the "unicodeescape" encoding and the "ignore" or "replace" error handling modes. This flaw can result in the incorrect decoding of byte strings. While this may not directly lead to traditional security breaches...

5.9CVSS5.7AI score0.00209EPSS

Exploits0References9

RedhatCVE•added 2025/12/17 10:3 a.m.•2 views

CVE-2025-54045

Missing Authorization vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM On Demand Search And Replace: from n/a through = 1.5.5...

4.3CVSS5.9AI score0.00036EPSS

Exploits0References1

EUVD•added 2025/12/16 9:31 a.m.•1 views

EUVD-2025-203617

4.3CVSS6.5AI score0.00036EPSS

Exploits0References2

NVD•added 2025/12/16 9:15 a.m.•1 views

CVE-2025-54045

4.3CVSS0.00036EPSS

Exploits0References1

CVE•added 2025/12/16 8:12 a.m.•3 views

CVE-2025-54045

CVE-2025-54045 affects the WordPress plugin CM On Demand Search And Replace by CreativeMindsSolutions. The issue is a broken/misconfigured access control that allows an authorization bypass, as described across multiple sources. Affected versions include CM On Demand Search And Replace up to 1.5....

4.3CVSS5.9AI score0.00036EPSS

Exploits0References1

Cvelist•added 2025/12/16 8:12 a.m.•29 views

CVE-2025-54045 WordPress CM On Demand Search And Replace plugin <= 1.5.5 - Broken Access Control vulnerability

4.3CVSS0.00036EPSS

Exploits0References1

Positive Technologies•added 2025/12/16 12:0 a.m.•2 views

PT-2025-51381

Name of the Vulnerable Software and Affected Versions CreativeMindsSolutions CM On Demand Search And Replace versions through 1.5.4 Description An authorization issue exists in CreativeMindsSolutions CM On Demand Search And Replace, allowing exploitation due to incorrectly configured access contr...

4.3CVSS6.6AI score0.00036EPSS

Exploits0References3

CNNVD•added 2025/12/16 12:0 a.m.•1 views

WordPress plugin CM On Demand Search And Replace 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

4.3CVSS6.8AI score0.00036EPSS

Exploits0References1

RedhatCVE•added 2025/12/10 6:26 a.m.•1 views

CVE-2023-53819

In the Linux kernel, the following vulnerability has been resolved: amdgpu: validate offsetinbo of drmamdgpugemva This is motivated by OOB access in amdgpuvmupdaterange when offsetinbo+mapsize overflows. v2: keep the validations in amdgpuvmbomap v3: add the validations to...

7.5CVSS5.2AI score0.0004EPSS

Exploits0References4

OSV•added 2025/12/09 4:17 p.m.•2 views

DEBIAN-CVE-2022-50678

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix invalid address access when enabling SCAN log level The variable i is changed when setting random MAC address and causes invalid address access when printing the value of pi-reqsi-reqid. We replace reqs index...

5.3AI score0.0004EPSS

Exploits0References1

EUVD•added 2025/12/09 3:31 a.m.•1 views

EUVD-2023-60106

In the Linux kernel, the following vulnerability has been resolved: ubi: Fix use-after-free when volume resizing failed There is an use-after-free problem reported by KASAN: ================================================================== BUG: KASAN: use-after-free in ubiebacopytable+0x11f/0x1c...

6AI score0.0004EPSS

Exploits0References9

EUVD•added 2025/12/09 3:31 a.m.•1 views

EUVD-2023-60087

6AI score0.0004EPSS

Exploits0References9

OSV•added 2025/12/09 1:29 a.m.•2 views

CVE-2022-50678 wifi: brcmfmac: fix invalid address access when enabling SCAN log level

6.4AI score0.0004EPSS

Exploits0References11

OSV•added 2025/12/09 1:16 a.m.•1 views

DEBIAN-CVE-2023-53819

5.3AI score0.0004EPSS

Exploits0References1

Debian CVE•added 2025/12/09 12:1 a.m.•3 views

CVE-2023-53819

5.3AI score0.0004EPSS

Exploits0

Positive Technologies•added 2025/12/02 12:0 a.m.•3 views

PT-2025-48774

ASUS warns of a critical flaw in AiCloud routers CVE-2025-593656. Attackers can remotely run OS commands no login needed. • Update firmware • Disable AiCloud/Samba/WAN access if no patch • Replace end-of-life devices • Strengthen passwords https://t.co/Dt2oT0g298...

7.2AI score

Exploits0References1

Positive Technologies•added 2025/11/26 12:0 a.m.•1 views

PT-2025-48119

CMService.exe creates the C:usr directory and subdirectories with insecure permissions, granting write access to all authenticated users. This allows attackers to replace configuration files such as snmp.conf or hijack DLLs to escalate privileges...

6.9CVSS7.1AI score0.00017EPSS

Exploits0References2

RedhatCVE•added 2025/11/14 4:6 a.m.•4 views

CVE-2025-12366

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.5 via the pagelayerreplacepage function due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS5.5AI score0.00034EPSS

Exploits0References1

NVD•added 2025/11/13 4:15 a.m.•4 views

CVE-2025-12366

4.3CVSS0.00034EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by