CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

97 matches found

CNNVD•added 2026/05/07 12:0 a.m.•5 views

VMware Spring Cloud Config 路径遍历漏洞

VMware Spring Cloud Config is a configuration management solution for distributed systems developed by VMware, Inc. This product provides server and client support for external configurations in distributed systems. VMware Spring Cloud Config has a path traversal vulnerability, which stems from t...

9.1CVSS5.8AI score0.00143EPSS

Exploits0References1

CVE•added 2026/01/06 3:52 p.m.•5 views

CVE-2020-36912

Plexus anblick Digital Signage Management 3.1.13 suffers an open redirect in the PantallaLogin script, exploited by manipulating the pagina GET parameter due to improper input validation. This allows redirection to arbitrary websites; CVE-2020-36912 details network-based impact with high severity...

9.8CVSS6.5AI score0.00061EPSS

Exploits1References5

CNNVD•added 2026/01/06 12:0 a.m.•1 views

Plexus anblick 输入验证错误漏洞

Plexus anblick is a digital signage management software from Plexus USA. An input validation error vulnerability exists in Plexus anblick version 3.1.13, which stems from an open redirection vulnerability in the PantallaLogin script that could result in a user being redirected to an arbitrary...

9.8CVSS6.8AI score0.00061EPSS

Exploits1References5

RedhatCVE•added 2025/12/04 3:36 p.m.•3 views

CVE-2025-13401

The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attributes in the "createimgpreloadtag" function...

6.4CVSS5AI score0.00034EPSS

Exploits0References1

NVD•added 2025/12/03 2:15 p.m.•4 views

CVE-2025-13401

6.4CVSS0.00034EPSS

Exploits0References2

CVE•added 2025/12/03 1:52 p.m.•13 views

CVE-2025-13401

CVE-2025-13401 : Autoptimize for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 3.1.13 due to insufficient input sanitization and output escaping in create_img_preload_tag. Exploitation requires authenticated access at Contributor level or higher, allowing injection of s...

6.4CVSS4.7AI score0.00034EPSS

Exploits0References2

EUVD•added 2025/12/03 1:52 p.m.•3 views

EUVD-2025-200973

6.4CVSS4.6AI score0.00034EPSS

Exploits0References3

Cvelist•added 2025/12/03 1:52 p.m.•14 views

CVE-2025-13401 Autoptimize <= 3.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.00034EPSS

Exploits0References2

Positive Technologies•added 2025/12/03 12:0 a.m.•5 views

PT-2025-48810

6.4CVSS5AI score0.00034EPSS

Exploits0References3

RedhatCVE•added 2025/10/18 12:44 a.m.•2 views

CVE-2025-59303

HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permissions. This can result in obtaining an ingress token secret as a response. The fixed versions of HAProxy Enterprise Kubernetes Ingress...

6.4CVSS6.8AI score0.00002EPSS

Exploits0References1

Snyk•added 2025/10/08 12:0 a.m.•1 views

Incomplete Filtering of Special Elements

Overview Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements in the config-snippets feature flag. An attacker can access sensitive environment variables, including the Kubernetes service account token secret, by injecting arbitrary HAProxy directives. Note...

8.5CVSS6.9AI score0.00002EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-1235