157 matches found
PT-2026-35502
Name of the Vulnerable Software and Affected Versions: Cilium versions prior to 1.17.15; Cilium versions 1.18.0 through 1.18.8; Cilium versions 1.19.0 through 1.19.2. Description: When run against deployments with WireGuard encryption enabled, the output of the cilium-bugtool debugging tool can contai...
CVE-2026-27023 Twenty: SSRF protection bypass via HTTP redirect following in secure HTTP client
Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService validated request URLs at the request level but did not validate redirect targets. An authenticated user who could control outbound request URLs (e.g., webhook endpoints, image URLs) could bypass...
PT-2026-23479
Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService validated request URLs at the request level but did not validate redirect targets. An authenticated user who could control outbound request URLs (e.g., webhook endpoints, image URLs) could bypass...
CVE-2026-1970
Summary: CVE-2026-1970 affects Edimax BR-6258n up to firmware 1.18, specifically the formStaDrvSetup function in /goform/formStaDrvSetup. The vulnerability arises from manipulating the submit-url argument, enabling an open redirect. The issue can be triggered remotely, and exploits have been publ...
CVE-2025-68866
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woofer696 Dinatur dinatur allows Stored XSS. This issue affects Dinatur: from n/a through <= 1.18...
CVE-2025-68866
CVE-2025-68866 affects the WordPress plugin Dinatur (versions up to and including 1.18). The issue is a Stored XSS caused by improper neutralization of input during web page generation, exposing site visitors to injected scripts. The vulnerability is rated with a CVSSv3.1 base score of 7.1 (High...
CVE-2025-68866 WordPress Dinatur plugin <= 1.18 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woofer696 Dinatur dinatur allows Stored XSS. This issue affects Dinatur: from n/a through <= 1.18...
PT-2026-4091
Name of the Vulnerable Software and Affected Versions: woofer696 Dinatur versions through 1.18. Description: The software contains a flaw related to improper input handling during web page generation, specifically a Stored Cross-site Scripting (XSS) issue. This allows for the injection of malicious...
WordPress Dinatur plugin <= 1.18 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Jarno Vos (jrn5151) in WordPress Plugin Dinatur (versions <= 1.18)...
MiracleLinux 8 : nginx:1.18 (AXSA:2021-2309:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2309:01 advisory. nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017). Tenable has extracted the preceding descripti...
CVE-2026-22200
Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficientl...
EUVD-2004-0967
Malware in sbrugna...
CVE-2025-0609
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Logo Software Inc. Logo Cloud allows Cross-Site Scripting (XSS). This issue affects Logo Cloud: before 1.18...
EUVD-2025-32525
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Logo Software Inc. Logo Cloud allows Cross-Site Scripting (XSS). This issue affects Logo Cloud: before 1.18...
PT-2025-40885
Name of the Vulnerable Software and Affected Versions: Logo Cloud versions prior to 1.18. Description: A flaw exists in Logo Cloud that allows for Cross-Site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. The vulnerability could potentially allow an...
EUVD-2025-13745
Malicious code in bioql PyPI...
EUVD-2022-1420
Malicious code in bioql PyPI...
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.
...