CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20991 matches found

Snyk•added 2025/12/17 7:49 p.m.•2 views

Directory Traversal

Overview mcp-server-git is an A Model Context Protocol server providing tools to read, search, and manipulate Git repositories programmatically via LLMs Affected versions of this package are vulnerable to Directory Traversal via the gitinit tool. An attacker can create repositories at arbitrary...

8.8CVSS7.3AI score0.07822EPSS

Exploits0References2

RedhatCVE•added 2025/12/17 6:2 p.m.•8 views

CVE-2023-53902

WebsiteBaker 2.13.3 contains a directory traversal vulnerability that allows authenticated attackers to delete arbitrary files by manipulating directory path parameters. Attackers can send crafted GET requests to /admin/media/delete.php with directory traversal sequences to delete files outside t...

7CVSS6.9AI score0.0085EPSS

Exploits1References1

Snyk•added 2025/12/17 4:42 p.m.•3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of the nginx.org/rewrite-target annotation. An attacker can access or modify unauthorized files or directories by supplying crafted input to the annotation. Details A Directory Traversal attac...

8.7CVSS7.5AI score0.00373EPSS

Exploits0References2

IBM Security Bulletins•added 2025/12/17 4:41 p.m.•42 views

Security Bulletin: Apache uimaj-core.jar security vulnerability CVE-2022-32287 and CVE-2023-39913 in FileNet Content Manager (FNCM) component Content Search Services (CSS) / Enterprise Content Management Text Search (ECMTS)

Summary Apache uimaj-core.jar security vulnerability CVE-2022-32287 and CVE-2023-39913 in FileNet Content Manager FNCM component Content Search Services CSS / Enterprise Content Management Text Search ECMTS Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

8.8CVSS8.8AI score0.01556EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2025/12/17 1:6 p.m.•6 views

Security Bulletin: Vulnerability in Jinja2 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-56326, CVE-2024-56201]

Summary The Jinja2 package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-56326, CVE-2024-56201 Vulnerability Details CVEID:CVE-2024-56326 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.5, An oversig...

8.8CVSS7.2AI score0.00496EPSS

Exploits0Affected Software1

RedHat Linux•added 2025/12/17 7:32 a.m.•60 views

libsoup: Heap Use-After-Free in libsoup message queue handling during HTTP/2 read completion

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

7.5CVSS5.6AI score0.00416EPSS

Exploits0References5

IBM Security Bulletins•added 2025/12/17 7:15 a.m.•9 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data version 5.3 Vulnerability Details CVEID:CVE-2025-41242 DESCRIPTION: Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a...

9.8CVSS7.8AI score0.02169EPSS

Exploits2Affected Software1

Packet Storm News•added 2025/12/17 12:0 a.m.•6 views

WuppieFuzz: Coverage-Guided, Stateful REST API Fuzzing

Many business processes currently depend on web services, often using REST APIs for communication. REST APIs expose web service functionality through endpoints, allowing easy client interaction over the Internet. To reduce the security risk resulting from exposed endpoints, thorough testing is...

7.1AI score

Exploits0

Snyk•added 2025/12/16 6:44 p.m.•2 views

Directory Traversal

Overview @vitejs/plugin-rsc is a React Server Components RSC support for Vite. Affected versions of this package are vulnerable to Directory Traversal via the /viterscfindSourceMapURL endpoint when processing HTTP requests containing a file:// URL in the filename query parameter. An attacker can...

8.7CVSS7.5AI score0.00552EPSS

Exploits0References2

OSV•added 2025/12/16 5:16 p.m.•4 views

CVE-2023-53902

7CVSS5.9AI score

Exploits0References3

NVD•added 2025/12/16 5:16 p.m.•7 views

CVE-2023-53902

7CVSS0.0085EPSS

Exploits1References3

EUVD•added 2025/12/16 5:3 p.m.•3 views

EUVD-2023-60188

7CVSS6.4AI score0.0085EPSS

Exploits1References4

CVE•added 2025/12/16 5:3 p.m.•10 views

CVE-2023-53902

CVE-2023-53902 affects WebsiteBaker 2.13.3 with a directory traversal vulnerability in the /admin/media/delete.php endpoint. An authenticated attacker can delete arbitrary files by manipulating directory path parameters, exploiting traversal sequences to access files outside the intended director...

7CVSS6.5AI score0.0085EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2025/12/16 5:3 p.m.•3 views

CVE-2023-53902 WebsiteBaker 2.13.3 Directory Traversal via Media Delete Endpoint

7CVSS6.5AI score0.0085EPSS

Exploits1References3

Cvelist•added 2025/12/16 5:3 p.m.•28 views

CVE-2023-53902 WebsiteBaker 2.13.3 Directory Traversal via Media Delete Endpoint

7CVSS0.0085EPSS

Exploits1References3

RedhatCVE•added 2025/12/16 2:49 p.m.•5 views

CVE-2025-34181

NetSupport Manager 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary locations on the server...

8.7CVSS8.1AI score0.00872EPSS

Exploits0References1

IBM Security Bulletins•added 2025/12/16 11:25 a.m.•8 views

Security Bulletin: Vulnerability in Netty affects IBM Netezza Appliance

Summary The Netty package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-59419 Vulnerability Details CVEID:CVE-2025-59419 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and...

6.9CVSS7.4AI score0.01617EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2025/12/16 7:0 a.m.•16 views

Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager

Summary Multiple vulnerabilities were addressed in IBM Sterling Partner Engagement Manager versions 6.2.3.5 and 6.2.4.2. Vulnerability Details CVEID:CVE-2025-41234 DESCRIPTION: Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a...

9.8CVSS7.7AI score0.32257EPSS

Exploits8Affected Software1

IBM Security Bulletins•added 2025/12/16 5:55 a.m.•15 views

Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager

9.8CVSS7.8AI score0.32257EPSS

Exploits8Affected Software1

Positive Technologies•added 2025/12/16 12:0 a.m.•5 views

PT-2025-51400

Name of the Vulnerable Software and Affected Versions WordPress Health Check & Troubleshooting versions through 1.7.1 Description The Health Check & Troubleshooting plugin contains a path traversal flaw. The flaw is due to insufficient sanitization of user-supplied input, specifically allowing th...

4.9CVSS6.5AI score0.00419EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by