1270 matches found
CVE-2025-54499 Insecure string comparison enables timing attacks
Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...
CVE-2025-10732 SureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Information Disclosure
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.12.1. This is due to improper access control implementation on the '/wp-json/sureforms/v1/srfm-global-settings' REST API endpoint...
SaaS Breaches Start with Tokens - What Security Teams Must Watch
Token theft is a leading cause of SaaS breaches. Discover why OAuth and API tokens are often overlooked and how security teams can strengthen token hygiene to prevent attacks. Most companies in 2025 rely on a whole range of software-as-a-service (SaaS) applications to run their operations. However,...
BBOT security vulnerability
BBOT is a recursive Internet scanner open-sourced by Black Lantern Security. BBOT suffers from a security vulnerability that stems from a maliciously formatted git URL that could lead to the disclosure of GitLab API keys to an attacker-controlled server...
BBOT security vulnerability
BBOT is a recursive Internet scanner open-sourced by Black Lantern Security. BBOT suffers from a security vulnerability that originates in the gitclone module, where a maliciously formatted git URL could lead to the disclosure of GitHub API keys to an attacker-controlled server...
CVE-2025-44823
Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/getusers call. This is GL:NLS475...
EUVD-2021-19932
Malware in sbrugna...
EUVD-2019-10214
Malware in sbrugna...
EUVD-2017-0367
Malware in sbrugna...
EUVD-2021-19553
Malware in sbrugna...
EUVD-2021-1477
Malware in sbrugna...
EUVD-2020-1400
Malware in sbrugna...
EUVD-2018-9252
Malware in sbrugna...
EUVD-2018-12666
Malware in sbrugna...
EUVD-2020-28912
Malware in sbrugna...
EUVD-2016-2047
Malware in sbrugna...
EUVD-2016-9882
Malware in sbrugna...
EUVD-2021-10138
Malware in sbrugna...
EUVD-2015-0033
Malware in sbrugna...