18 matches found
CVE-2026-40971
When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), per vendor advisory...
CVE-2026-40971
When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), per vendor advisory...
Improper Validation of Certificate with Host Mismatch
Overview: Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch when using an SSL bundle. This effectively weakens TLS by allowing connections without verifying the server identity (classic MITM risk). Remediation: Upgrade...
CVE-2023-31071
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yannick Lefebvre Modal Dialog plugin <= 3.5.14 versions...
CVE-2025-39413
Missing Authorization vulnerability in David Gwyer Simple Sitemap – Create a Responsive HTML Sitemap simple-sitemap. This issue affects Simple Sitemap – Create a Responsive HTML Sitemap: from n/a through = 3.6.0...
CVE-2025-39413
Missing Authorization vulnerability in David Gwyer Simple Sitemap – Create a Responsive HTML Sitemap. This issue affects Simple Sitemap – Create a Responsive HTML Sitemap: from n/a through 3.5.14...
WordPress plugin PublishPress Revisions cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin ... A cross-site scripting...
PT-2024-39631 · WordPress · Publishpress Revisions
Name of the Vulnerable Software and Affected Versions: PublishPress Revisions plugin versions up to, and including, 3.5.14. Description: The issue is related to Reflected Cross-Site Scripting, which occurs due to the use of add_query_arg without proper escaping on the URL. This allows...
Advisory ROSA-SA-2023-2259
software: libxpm 3.5.14 OS: ROSA-CHROME packageevrstring: libxpm-3.5.14-2.src.rpm CVE-ID: CVE-2022-44617 BDU-ID: 2023-00389 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the ParsePixels function of the X Pixmap image file library XPM libXpm is related to insufficient input validation. Exploitation...
CVE-2023-31071
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yannick Lefebvre Modal Dialog plugin <= 3.5.14 versions...
CVE-2023-31071 WordPress Modal Dialog Plugin <= 3.5.14 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yannick Lefebvre Modal Dialog plugin <= 3.5.14 versions...
libXpm -- Issues handling XPM files
The X.Org project reports: CVE-2022-46285: Infinite loop on unclosed comments. When reading XPM images from a file with libXpm 3.5.14 or older, if a comment in the file is not closed (i.e. a C-style comment starts with "/*" and is missing the closing "*/"), the ParseComment function will loop forever...
UBUNTU-CVE-2020-25628
The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14...
UBUNTU-CVE-2020-25630
A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported...
PT-2020-16139 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions 3.5 to 3.5.13 Moodle versions 3.7 to 3.7.7 Moodle versions 3.8 to 3.8.4 Moodle versions 3.9 to 3.9.1 Description: A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available...
PT-2020-16138 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions 3.5 through 3.5.13 Moodle versions 3.7 through 3.7.7 Moodle versions 3.8 through 3.8.4 Moodle versions 3.9 through 3.9.1 Description: A vulnerability was found in Moodle where users with Log in as capability in a course contex...
Security fix for the ALT Linux 6 package samba version 3.5.14-alt1.M60P.1
April 11, 2012 Vitaly Kuznetsov 3.5.14-alt1.M60P.1 - 3.5.14 CVE-2012-1182...
NetworkActiv < 3.5.14 Multiple Parameter XSS
Binary data 3156.prm...