CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

46 matches found

CVE-2025-55449

AstrBotDevs AstrBot 3.5.15 has AdvancedSystemforTextResponseandBotOperationsTool as the hardcoded private key used to sign a JWT...

7.3CVSS5.4AI score0.00012EPSS

Exploits2References1

Cvelist•added 2026/05/08 12:0 a.m.•31 views

CVE-2025-55449

AstrBotDevs AstrBot 3.5.15 has AdvancedSystemforTextResponseandBotOperationsTool as the hardcoded private key used to sign a JWT...

0.00012EPSS

Exploits2References2

ATTACKERKB•added 2026/05/08 12:0 a.m.•4 views

CVE-2025-55449

AstrBotDevs AstrBot 3.5.15 has AdvancedSystemforTextResponseandBotOperationsTool as the hardcoded private key used to sign a JWT...

5.8AI score0.00012EPSS

Exploits2References3

CVE•added 2026/05/08 12:0 a.m.•39 views

CVE-2025-55449

AstrBot 3.5.15 is vulnerable to remote code execution via a hardcoded JWT signing key: Advanced_System_for_Text_Response_and_Bot_Operations_Tool. An attacker can forge a valid admin JWT and upload a malicious plugin through /api/plugin/install-upload, leading to arbitrary command execution (e.g.,...

7.3CVSS5.8AI score0.00012EPSS

Exploits2References2Affected Software1

CNNVD•added 2026/05/08 12:0 a.m.•4 views

AstrBot 安全漏洞

AstrBot is an open-source multi-platform LLM chatbot and development framework created by AstrBot. Version 3.5.15 of AstrBot contains a security vulnerability, which stems from the use of hard-coded private keys for signing JWTs...

7.3CVSS5.8AI score0.00012EPSS

Exploits2References1

Vulnrichment•added 2026/05/08 12:0 a.m.•6 views

CVE-2025-55449

AstrBotDevs AstrBot 3.5.15 has AdvancedSystemforTextResponseandBotOperationsTool as the hardcoded private key used to sign a JWT...

5.8AI score0.00012EPSS

Exploits2References2

RedhatCVE•added 2025/12/17 10:2 a.m.•2 views

CVE-2025-64242

Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through = 3.5.22...

4.3CVSS5.7AI score0.00036EPSS

Exploits0References1

EUVD•added 2025/12/16 9:31 a.m.•1 views

EUVD-2025-203608

4.3CVSS6.5AI score0.00036EPSS

Exploits0References2

NVD•added 2025/12/16 9:15 a.m.•1 views

CVE-2025-64242

4.3CVSS0.00036EPSS

Exploits0References1

Cvelist•added 2025/12/16 8:12 a.m.•26 views

CVE-2025-64242 WordPress Easy Property Listings plugin <= 3.5.22 - Broken Access Control vulnerability

4.3CVSS0.00036EPSS

Exploits0References1

Vulnrichment•added 2025/12/16 8:12 a.m.•1 views

CVE-2025-64242 WordPress Easy Property Listings plugin <= 3.5.22 - Broken Access Control vulnerability

4.3CVSS5.1AI score0.00036EPSS

Exploits0References1

CVE•added 2025/12/16 8:12 a.m.•4 views

CVE-2025-64242

CVE-2025-64242 concerns a Missing Authorization vulnerability in the WordPress plugin Easy Property Listings (versions up to and including 3.5.15). The issue is described as broken access control allowing an attacker with insufficient privileges to access restricted functionality. The CVE's base ...

4.3CVSS5.7AI score0.00036EPSS

Exploits0References1

CNNVD•added 2025/12/16 12:0 a.m.•2 views

WordPress plugin Easy Property Listings 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

4.3CVSS6.4AI score0.00036EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2007-1545

Malware in sbrugna...

4.3CVSS6.4AI score0.00804EPSS

Exploits0References10

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2007-1543

Malware in sbrugna...

6.8CVSS6.4AI score0.00855EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2007-1544

Malware in sbrugna...

7.5CVSS6.4AI score0.01899EPSS

Exploits0References12

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2024-33746

Malicious code in bioql PyPI...

4.3CVSS8.6AI score0.00244EPSS

Exploits0References4

RedhatCVE•added 2025/05/23 9:24 a.m.•3 views

CVE-2024-25637

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...

5.4CVSS6.7AI score0.00821EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 7:53 a.m.•6 views

CVE-2024-24764

October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema october:// allowed external links, therefore allowing an op...

4.8CVSS6.7AI score0.00102EPSS

Exploits0References1

CNNVD•added 2024/11/20 12:0 a.m.•1 views

WordPress plugin PublishPress Revisions 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS8AI score0.00244EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by