CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

730 matches found

CNNVD•added 2025/10/25 12:0 a.m.•4 views

WordPress plugin Real Cookie Banner 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

6.8CVSS6.7AI score0.00358EPSS

Exploits0References8

CNNVD•added 2025/10/25 12:0 a.m.•3 views

WSO2 API Manager 安全漏洞

WSO2 API Manager is a suite of API lifecycle management solutions from US-based WSO2. A security vulnerability exists in WSO2 API Manager that stems from the Try-It feature not properly validating user-supplied URLs, which could lead to server-side request forgery and reflective cross-site...

5.9CVSS6.1AI score0.00583EPSS

Exploits0References2

Snyk•added 2025/10/16 9:30 a.m.•2 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the IsValidWebAuthRedirectURL function. An attacker can obtain sensitive information such as Cloud API keys and OAuth client secrets by analyzing response times during authentication attempts. Remediation Upgrade...

3.7CVSS6.7AI score0.00246EPSS

Exploits0References2

Positive Technologies•added 2025/10/13 12:0 a.m.•6 views

PT-2025-41801

Name of the Vulnerable Software and Affected Versions Mattermost Desktop App versions through 5.13.0 Description The Mattermost Desktop App does not properly validate URLs originating from outside the configured Mattermost servers. This allows a malicious server to cause the application to crash ...

3.5CVSS6.6AI score0.0027EPSS

Exploits0References5

Positive Technologies•added 2025/10/11 12:0 a.m.•6 views

PT-2025-41647

Name of the Vulnerable Software and Affected Versions CM Registration – Tailored tool for seamless login and invitation-based registrations plugin for WordPress versions through 2.5.6 Description The software is susceptible to an Open Redirect issue because of inadequate validation of the redirec...

4.7CVSS6.6AI score0.00193EPSS

Exploits0References6

RedhatCVE•added 2025/10/10 1:31 a.m.•4 views

CVE-2025-0038

In AMD Zynq UltraScale+ devices, the lack of address validation when executing CSU runtime services through the PMU Firmware can allow access to isolated or protected memory spaces resulting in the loss of integrity and confidentiality...

6.6CVSS6.9AI score0.00115EPSS

Exploits0References1