CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the orderby and groupby parameters...

6.5CVSS0.00288EPSS

Exploits1References2

OSV•added 2025/10/02 2:15 p.m.•4 views

CVE-2025-56381

ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the orderby and groupby parameters...

6.5CVSS8.5AI score0.00288EPSS

Exploits1References2

Snyk•added 2025/10/02 12:31 p.m.•3 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the /api/user/updateuser endpoint. An attacker can gain unauthorized access by exploiting this endpoint to bypass authentication mechanisms. Remediation Upgrade...

9.3CVSS7.3AI score0.0125EPSS

Exploits0References2

Positive Technologies•added 2025/09/30 12:0 a.m.•3 views

PT-2025-40039

An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/schemaId endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed...

6.9CVSS7AI score0.00299EPSS

Exploits0References6

NVD•added 2025/09/25 7:15 p.m.•3 views

CVE-2025-29156

Cross Site Scripting vulnerability in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via a crafted script to the /api/v3/pet...

6.1CVSS0.0035EPSS

Exploits0References3

OSV•added 2025/09/25 7:15 p.m.•4 views

CVE-2025-29156

Cross Site Scripting vulnerability in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via a crafted script to the /api/v3/pet...

6.1CVSS6.1AI score0.0035EPSS

Exploits0References3

CNNVD•added 2025/09/24 12:0 a.m.•3 views

Flag Forge 信息泄露漏洞

Flag Forge is an easy-to-use CTF platform open-sourced by FlagForge. An information disclosure vulnerability exists in Flag Forge versions 2.1.0 through prior to 2.3.0, which stems from an API endpoint where GET /api/problems/:id returns a challenge prompt in plaintext, which could lead to...

7.5CVSS6AI score0.00323EPSS

Exploits0References2

Veracode•added 2025/09/16 11:34 a.m.•5 views

Improper Authorization

github.com/mattermost/mattermost-server is vulnerable to Improper Authorization. The vulnerability is due to insufficient validation of authorization for team scheme role modifications, which allows an attacker Team Admins to demote Team Members to Guests via the affected API endpoint...

3.8CVSS6.7AI score0.00189EPSS

Exploits0References5Affected Software4

Snyk•added 2025/09/16 12:30 a.m.•4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the externalReferenceCode parameter in the /o/c/ API endpoint. An attacker can execute arbitrary web scripts or inject malicious HTML by supplying crafted input. Details Cross-site scripting or XSS is a code...

6.1CVSS5.5AI score0.00243EPSS

Exploits0References2