75 matches found
CVE-2026-40329
Masa CMS is affected by a SQL injection in the beanFeed.cfc component (getQuery handling of the sortBy parameter) in versions 7.5.2 and earlier. The vulnerability arises from insufficient sanitization/parameterization of sortBy, allowing an unauthenticated remote attacker to execute arbitrary SQL...
CVE-2026-33644
Lychee is a free, open-source photo-management tool. Prior to version 7.5.2, the SSRF protection in PhotoUrlRule.php can be bypassed using DNS rebinding. The IP validation check (line 86-89) only activates when the hostname is an IP address. When a domain name is used, filter_var($host,...
PT-2026-28504
Name of the Vulnerable Software and Affected Versions: Lychee versions prior to 7.5.2 Description: Lychee is a free, open-source photo-management tool. Prior to version 7.5.2, the Server-Side Request Forgery (SSRF) protection in PhotoUrlRule.php could be bypassed using DNS rebinding. The IP validatio...
CVE-2026-23745 node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization
node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...
CVE-2025-64118
node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with sync: true to read tar entry contents returns uninitialized memory contents if the tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...
EUVD-2025-37038
node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with sync: true to read tar entry contents returns uninitialized memory contents if the tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...
EUVD-2018-18053
Malware in sbrugna...
EUVD-2018-18054
Malware in sbrugna...
EUVD-2025-17127
Malicious code in bioql PyPI...
EUVD-2025-11979
Malicious code in bioql PyPI...
CVE-2025-47579
Deserialization of Untrusted Data vulnerability in ThemeGoods Photography. This issue affects Photography: from n/a through 7.5.2...
CVE-2025-47579
Deserialization of Untrusted Data vulnerability in ThemeGoods Photography photography allows Object Injection. This issue affects Photography: from n/a through <= 7.7.2...
PT-2025-36764
Name of the Vulnerable Software and Affected Versions: ThemeGoods Photography versions n/a through 7.5.2 Description: The software is susceptible to deserialization of untrusted data. Recommendations: Update ThemeGoods Photography to a version later than 7.5.2...
CVE-2025-47584
Deserialization of Untrusted Data vulnerability in ThemeGoods Photography. This issue affects Photography: from n/a through 7.5.2...
CVE-2025-47584
WordPress Photography Theme
WordPress plugin Photography code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
WordPress plugin PeproDev Ultimate Profile Solutions authorization issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An authorization issue vulnerabilit...
WordPress plugin PeproDev Ultimate Profile Solutions authorization issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. An authorization issue...
CVE-2025-43865
React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's possible to modify pre-rendered data by adding a header to the request. This makes it possible to completely spoof its contents and modify all the values of the data object passed to the HTML. This issue has bee...