CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

798 matches found

CVE•added 2025/10/29 6:45 a.m.•11 views

CVE-2023-7320

The CVE affects the WordPress WooCommerce plugin; versions up to 7.8.2 expose store API REST endpoints due to improper CORS handling, enabling unauthenticated access to sensitive user data (PII) from any origin. This vulnerability is caused by misconfigured Cross-Origin Resource Sharing on the St...

5.3CVSS5.7AI score0.00277EPSS

Exploits0References3

Tenable Nessus•added 2025/10/28 12:0 a.m.•4 views

Siemens Industrial Edge Devices Weak Authentication (CVE-2024-54092)

Affected devices do not properly enforce user authentication on specific API endpoints when identity federation is used. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that identity federati...

9.8CVSS6.1AI score0.00675EPSS

Exploits0References5

CVE•added 2025/10/27 7:46 p.m.•22 views

CVE-2025-62516

CVE-2025-62516 entry rejected; not an active vulnerability.

6.3AI score

Exploits0

EUVD•added 2025/10/27 12:30 a.m.•4 views

EUVD-2025-35952

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.7 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to create a denial of service condition by uploading large files to specific API endpoints...

6.5CVSS6.4AI score0.00321EPSS

Exploits0References4

OSV•added 2025/10/27 12:5 a.m.•3 views

CVE-2025-11974 Allocation of Resources Without Limits or Throttling in GitLab

6.5CVSS6.5AI score0.00321EPSS

Exploits0References5

CVE•added 2025/10/27 12:5 a.m.•18 views

CVE-2025-11974

GitLab CVE-2025-11974 affects GitLab CE/EE versions 11.7 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1. The issue allows an unauthenticated attacker to cause a denial-of-service by uploading large files to specific API endpoints. Affected releases have been remediated via patches: Git...

6.5CVSS6.5AI score0.00321EPSS

Exploits0References2Affected Software1

Cvelist•added 2025/10/27 12:5 a.m.•10 views

CVE-2025-11974 Allocation of Resources Without Limits or Throttling in GitLab

6.5CVSS0.00321EPSS

Exploits0References2

Debian CVE•added 2025/10/27 12:5 a.m.•5 views

CVE-2025-11974

Removed by vendor...

6.5CVSS5.8AI score0.00321EPSS

Exploits0

Snyk•added 2025/10/24 3:27 p.m.•2 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the /api/v1/secret, and /api/v1/service endpoints. An attacker can retrieve sensitive cluster information by sending unauthenticated requests directly to exposed API paths. Workaround Thi...

8.7CVSS6.8AI score0.00607EPSS

Exploits0References3

Positive Technologies•added 2025/10/22 12:0 a.m.•3 views

PT-2025-43139

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 11.7 through 18.3.5 GitLab CE/EE versions 18.4 through 18.4.3 GitLab CE/EE versions 18.5 through 18.5.1 Description An unauthenticated attacker could create a denial of service condition by uploading large files to specif...

6.8CVSS6.7AI score0.00321EPSS

Exploits0References10