CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

315 matches found

CNNVD•added 2026/04/20 12:0 a.m.•2 views

Copilot API Proxy 安全漏洞

Copilot API Proxy is a reverse proxy service for the GitHub Copilot API developed by Erick Christian. Versions of Copilot API Proxy prior to 0.7.0 contain security vulnerabilities. These vulnerabilities stem from a flaw in the cors function within the file/src/server.ts file of the component’s...

7.5CVSS7.1AI score0.00025EPSS

Exploits0References1

EUVD•added 2026/04/14 8:38 a.m.•0 views

EUVD-2026-22239

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to sslverify in openid-connect plugin configuration being set to false by default. This issue affects Apache APISIX: from 0.7 through 3.15.0. Users are recommended to upgrade to version 3.16.0, whic...

7.5CVSS5.8AI score0.00045EPSS

Exploits0References1

Positive Technologies•added 2026/04/14 12:0 a.m.•0 views

PT-2026-32602

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to ssl verify in openid-connect plugin configuration being set to false by default. This issue affects Apache APISIX: from 0.7 through 3.15.0. Users are recommended to upgrade to version 3.16.0, whi...

7.5CVSS5.8AI score0.00045EPSS

Exploits0References5

ATTACKERKB•added 2026/03/24 2:50 a.m.•0 views

CVE-2026-4732

Out-of-bounds Read vulnerability in tildearrow furnace ‎extern/libsndfile-modified/src modules. This vulnerability is associated with program files flac.C‎. This issue affects furnace: before 0.7...

9.3CVSS5.8AI score0.00021EPSS

Exploits0References2

CVE•added 2026/03/24 2:50 a.m.•9 views

CVE-2026-4732

CVE-2026-4732 is an out-of-bounds read in furnace (extern/libsndfile-modified/src modules) associated with the flac.C file, affecting furnace versions before 0.7. Red Hat notes a local-denial-of-service risk with potential information disclosure or arbitrary code execution. Circl and EUVD entries...

9.3CVSS5.8AI score0.00021EPSS

Exploits0References1

Cvelist•added 2026/03/24 2:50 a.m.•22 views

CVE-2026-4732 Out-of-bounds Read Overflow in tildearrow/furnace

9.3CVSS0.00021EPSS

Exploits0References1

Patchstack•added 2026/02/06 12:35 a.m.•4 views

WordPress Orange Confort+ accessibility toolbar for WordPress plugin <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Orange Comfort+ accessibility toolbar for WordPress versions = 0.7...

6.4CVSS5.3AI score0.00015EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/02/06 12:0 a.m.•2 views

WordPress plugin Orange Confort+ 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.00015EPSS

Exploits0References4

CVE•added 2026/01/29 2:28 p.m.•5 views

CVE-2020-37007

CVE-2020-37007 concerns Liman 0.7 and describes a cross-site request forgery (CSRF) vulnerability that lets an attacker manipulate user account settings by tricking an authenticated user into submitting unauthorized requests. The underlying issue is improper request validation in the change-passw...

5.3CVSS5.8AI score0.00032EPSS

Exploits1References3Affected Software1

CNNVD•added 2026/01/29 12:0 a.m.•2 views

Liman security vulnerabilities

Liman is an open-source application developed by Liman MYS. It allows for the remote and secure management of all servers, clients, and network devices within an organization. Version 0.7 of Liman contains a security vulnerability caused by insufficient request validation, which may lead to...

5.3CVSS5.7AI score0.00032EPSS

Exploits1References4

Positive Technologies•added 2026/01/29 12:0 a.m.•3 views

PT-2026-5282

Name of the Vulnerable Software and Affected Versions Liman version 0.7 Description The software contains a cross-site request forgery issue that allows attackers to manipulate user account settings without proper request validation. Attackers can create malicious HTML forms to change user...

5.3CVSS5.2AI score0.00032EPSS

Exploits1References5

OpenVAS•added 2026/01/23 12:0 a.m.•5 views

Fedora: Security Advisory (FEDORA-2026-35d1dee2ab)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5AI score

Exploits0References3

RedhatCVE•added 2026/01/09 8:48 a.m.•3 views

CVE-2025-23960

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in basteln3rk Save & Import Image from URL save-import-image-from-url allows Reflected XSS.This issue affects Save & Import Image from URL: from n/a through = 0.7...

7.1CVSS7.2AI score0.00178EPSS

Exploits0References1