CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/26 9:16 p.m.•15 views

CVE-2026-44451

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals fetch, window, eval, etc. with undefined. A static source validator...

9.3CVSS0.0023EPSS

NVD•added 2026/05/25 3:16 p.m.•11 views

CVE-2018-25363

Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from...

5.3CVSS0.00199EPSS

ATTACKERKB•added 2026/05/25 2:15 p.m.•7 views

CVE-2018-25363

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/25 2:15 p.m.•6 views

CVE-2018-25363 Twitter-Clone 1 Cross-Site Request Forgery via tweetdel.php

EUVD•added 2026/05/25 2:15 p.m.•7 views

EUVD-2018-21887

Cvelist•added 2026/05/25 2:15 p.m.•21 views

CVE-2018-25363 Twitter-Clone 1 Cross-Site Request Forgery via tweetdel.php

5.3CVSS0.00199EPSS

CVE•added 2026/05/25 2:15 p.m.•15 views

CVE-2018-25363

CVE-2018-25363 – Twitter-Clone 1 CSRF : The vulnerability allows remote attackers to coerce authenticated users into deleting posts by crafting hidden HTML forms targeting tweetdel.php with tweet IDs and auto-submitting them. The issue arises from a cross-site request forgery that can delete arbi...

Positive Technologies•added 2026/05/25 12:0 a.m.•7 views

PT-2026-43216

CNNVD•added 2026/05/09 12:0 a.m.•6 views

Exploits0References4

Linkwarden 跨站脚本漏洞

Linkwarden is a self-hosted collaborative bookmark manager developed by Linkwarden OpenSource. Versions of Linkwarden 2.14.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the archive upload endpoint accepting HTML files without cleaning JavaScript...

8.8CVSS5.8AI score0.00458EPSS

ATTACKERKB•added 2026/05/08 11:10 p.m.•3 views

CVE-2026-42455

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint POST /api/v1/archives/linkId?format=4 accepts HTML files text/html without sanitizing JavaScript content. When the archive i...

8.8CVSS6AI score0.00458EPSS

Exploits0References2Affected Software1

Snyk•added 2026/05/05 1:33 p.m.•5 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization in the browser interaction routes process. An attacker can access unauthorized internal or external resources by bypassing policy enforcement through existing...

7.7CVSS5.8AI score0.00253EPSS

Exploits0References2

EUVD•added 2026/04/24 12:31 a.m.•4 views

EUVD-2026-25348

A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requiring re-authentication. An attacker with access to a previously authenticated session could continu...

6.9CVSS5.8AI score0.00234EPSS

Exploits0References4

CNNVD•added 2026/04/24 12:0 a.m.•5 views

SenseLive X3050 代码问题漏洞

The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a code vulnerability that stems from improper execution of the Web management interface’s session lifecycle. This issue allows authenticated...

6.9CVSS6AI score0.00234EPSS

ATTACKERKB•added 2026/04/23 11:48 p.m.•2 views

CVE-2026-25720

6.9CVSS5.8AI score0.00234EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/04/23 11:48 p.m.•26 views

CVE-2026-25720 SenseLive X3050 Insufficient session expiration

6.9CVSS0.00234EPSS