CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1080 matches found

EUVD•added 2025/10/21 8:3 p.m.•4 views

EUVD-2025-35261

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 21.0.8 and 25; Oracle GraalVM for JDK: 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15...

3.7CVSS4.8AI score0.00322EPSS

Exploits0References1

CNVD•added 2025/10/21 12:0 a.m.•2 views

WordPress Lisfinity Core plugin elevation of privilege vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress Lisfinity Core plugin, which stems from assigning the editor role by default and not restricting API usage, no...

7.3CVSS7.2AI score0.00208EPSS

Exploits0References1

Cvelist•added 2025/10/20 7:55 p.m.•14 views

CVE-2025-8053 Insufficient access control vulnerability has been discovered in Opentext Flipper.

Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges. This issue affects Flipper: 3.1....

1CVSS0.00247EPSS

Exploits0References1

OSV•added 2025/10/17 9:15 p.m.•2 views

CVE-2025-62647

The Restaurant Brands International RBI assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path...

5.8CVSS5.8AI score0.00343EPSS

Exploits1References5

Cvelist•added 2025/10/17 2:17 a.m.•8 views

CVE-2025-6893

An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in broken access control has been identified in the /api/v1/setting/data endpoint of the affected device. This flaw allows a low-privileged authenticated user to ca...

9.3CVSS0.00623EPSS

Exploits0References1

OSV•added 2025/10/16 6:15 p.m.•3 views

DEBIAN-CVE-2025-61908

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a...

6.5CVSS5.3AI score0.00487EPSS

Exploits0References1

OSV•added 2025/10/16 6:15 p.m.•2 views

UBUNTU-CVE-2025-61908

7.1CVSS5.8AI score0.00487EPSS

Exploits0References9

CVE•added 2025/10/16 5:11 p.m.•22 views

CVE-2025-61907

CVE-2025-61907 affects Icinga 2. Versions 2.4–2.15.0 allow authenticated API users to exploit filter expressions on /v1/objects endpoints to access variables and objects that should be restricted by permissions. The root cause is improper exposure of hidden data through filter evaluation, enablin...

7.1CVSS5.9AI score0.00365EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2025/10/13 5:29 a.m.•3 views

CVE-2025-62292

In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts...

4.3CVSS6.7AI score0.00205EPSS

Exploits0References1

EUVD•added 2025/10/09 6:30 p.m.•4 views

EUVD-2025-33367

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the API Access Profiles page that, when visited by another user, enables the attacker to execute commands with the target...

6.1CVSS6.5AI score0.00214EPSS

Exploits0References2

OSV•added 2025/10/09 5:16 p.m.•2 views

CVE-2025-59999

5.1CVSS6AI score0.00214EPSS

Exploits0References1

CVE•added 2025/10/09 4:16 p.m.•16 views

CVE-2025-59999

CVE-2025-59999 affects Juniper Networks Junos Space; the issue is an Improper Neutralization of Input During Web Page Generation (XSS) that allows an attacker to inject script tags into the API Access Profiles page. When other users visit the page, the attacker may execute commands with the targe...

6.1CVSS6.5AI score0.00214EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/10/09 4:16 p.m.•1 views

CVE-2025-59999 Junos Space: API Access Profiles page is vulnerable to reflected cross-site script injection

6.1CVSS6.5AI score0.00214EPSS

Exploits0References1

Positive Technologies•added 2025/10/09 12:0 a.m.•3 views

PT-2025-41435

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos Space versions prior to 24.1R4 Description An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' issue exists in Juniper Networks Junos Space. This allows an attacker to inject script tags...

6.1CVSS6.9AI score0.00214EPSS

Exploits0References4

RedhatCVE•added 2025/10/08 6:18 p.m.•7 views

CVE-2025-27236

A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to...

6.5CVSS6.8AI score0.00342EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-22845

Malware in sbrugna...

8.8CVSS8.6AI score0.01046EPSS

Exploits1References5

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-10283

Malware in sbrugna...

7.8CVSS5.7AI score0.00423EPSS

Exploits0References3