CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

184 matches found

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в mariadb-10.3

Vulnerability in the MySQL Server product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to...

4.9CVSS6.7AI score0.00287EPSS

Exploits0References2

Patchstack•added 2026/04/15 3:37 a.m.•2 views

WordPress Nexi XPay plugin <= 8.3.0 - Missing Authorization to Unauthenticated Order Status Modification vulnerability

Missing Authorization to Unauthenticated Order Status Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Nexi XPay versions = 8.3.0...

5.3CVSS5.8AI score0.00072EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/04/14 7:23 p.m.•1 views

CVE-2025-63743

Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 to up and including v8.3.1 allows authenticated attacker with lowest privileges sufficient only to log in, to inject arbitrary JavaScript code via "Name" and "Surname" fields. The JavaScript code is execut...

5.4CVSS5.9AI score0.0001EPSS

Exploits1References1

NVD•added 2026/04/13 4:16 p.m.•0 views

CVE-2025-63743

5.4CVSS0.0001EPSS

Exploits1References4

Positive Technologies•added 2026/04/13 12:0 a.m.•1 views

PT-2026-32381

5.9AI score0.0001EPSS

Exploits1References5

CNNVD•added 2026/04/13 12:0 a.m.•1 views

Snipe-IT 安全漏洞

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT from v8.3.0 to v8.3.1 contain security vulnerabilities. These vulnerabilities stem from insufficient input validation for the Name and Surname fields, which may lead to cross-site...

5.4CVSS5.6AI score0.0001EPSS

Exploits1References5

CVE•added 2026/04/13 12:0 a.m.•1 views

CVE-2025-63743

Snipe-IT web-based asset management system (v8.3.0–v8.3.1) is affected by an authenticated stored XSS: an attacker with login privileges can inject JavaScript via the Name/Surname fields, executed when the Activity Report or a profile is viewed if Display Name is not set. The issue is fixed in v8...

5.4CVSS5.9AI score0.0001EPSS

Exploits1References4

CBLMariner•added 2026/02/09 11:37 p.m.•2 views

CVE-2026-22693 affecting package harfbuzz for versions less than 8.3.0-4

CVE-2026-22693 affecting package harfbuzz for versions less than 8.3.0-4. A patched version of the package is available...

5.3CVSS5.5AI score0.00089EPSS

Exploits1

CNNVD•added 2026/01/07 12:0 a.m.•1 views

Bio-Formats 代码问题漏洞

Bio-Formats is an Open Microscopy Environment open source Java library for reading and writing various microscopy imaging proprietary file formats. A code issue vulnerability exists in Bio-Formats 8.3.0 and prior versions that stems from an XML external entity vulnerability in the Leica...

7.1CVSS6.6AI score0.00034EPSS

Exploits0References3