
1183 matches found

EUVD
added 2025/11/05 12:0 a.m. | 4 views

EUVD-2025-37926

exclusively-hosted-service A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...

9.1 CVSS | 5.3 AI score | 0.00319 EPSS
Exploits: 1 | References: 3

CVE
added 2025/10/30 4:26 a.m. | 18 views

CVE-2025-12475

The CVE-2025-12475 entry refers to the WordPress Blocksy Companion plugin. A stored Cross-Site Scripting vulnerability exists in all versions up to and including 2.1.14 via the blocksy_newsletter_subscribe shortcode, caused by insufficient input sanitization and output escaping on user-supplied a...

6.4 CVSS | 4.7 AI score | 0.00167 EPSS
Exploits: 0 | References: 2

NVD
added 2025/10/28 4:15 p.m. | 7 views

CVE-2025-56399

alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted file upload. A file with a '.png' extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side...

8.8 CVSS | 0.00502 EPSS
Exploits: 1 | References: 2

Cvelist
added 2025/10/28 2:58 p.m. | 4 views

CVE-2025-36085 Multiple Vulnerabilities in IBM Concert Software.

IBM Concert 1.0.0 through 2.0.0 Software is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.4 CVSS | 0.00146 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/25 6:49 a.m. | 3 views

CVE-2025-11893 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.8.4 - Authenticated (Subscriber+) SQL Injection

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to SQL Injection via the donationids parameter in all versions up to, and including, 1.8.8.4 due to insufficient escaping on the user supplied parameter and lack of...

8.8 CVSS | 6.1 AI score | 0.00345 EPSS
Exploits: 0 | References: 3

Cvelist
added 2025/10/18 6:42 a.m. | 8 views

CVE-2025-11510 FileBird <= 6.4.9 - Improper Authorization to Authenticated (Author+) Settings Reset

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /filebird/v1/fb-wipe-clear-all-data function in all versions up to, and including, 6.4.9. This makes it possible for...

4.3 CVSS | 0.00234 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/15 8:26 a.m. | 4 views

CVE-2025-10056 Task Scheduler <= 1.6.3 - Authenticated (Admin+) Blind Server-Side Request Forgery

The Task Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.3 via the “Check Website” task. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...

4.4 CVSS | 5.4 AI score | 0.00217 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/10/15 12:0 a.m. | 3 views

F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K000156801)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6.1 / 17.1.3 / 17.5.1.3. It is, therefore, affected by a vulnerability as referenced in the K000156801 advisory. A directory traversal vulnerability exists in the BIG-IP Configuration utility that allows a...

6.9 CVSS | 5.6 AI score | 0.01085 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2025/10/14 12:0 a.m. | 2 views

PT-2025-42175

Name of the Vulnerable Software and Affected Versions: Flowise versions 3.0.1 through 3.0.7; Flowise versions 3.0.8 and later with 'ALLOW BUILTIN DEP' enabled. Description: The software contains an authenticated remote code execution issue and a node VM sandbox escape. This is due to insecure use of...

8.4 CVSS | 7.8 AI score | 0.05993 EPSS
Exploits: 1 | References: 6

Tenable Nessus
added 2025/10/14 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-39664

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient escaping in the report scheduler within Checkmk 2.4.0p13, 2.3.0p38, 2.2.0p46 and 2.1.0 EOL allows authenticated attackers to define the storage...

7.1 CVSS | 5.5 AI score | 0.00632 EPSS
Exploits: 1 | References: 2

NVD
added 2025/10/08 5:15 a.m. | 3 views

CVE-2025-11204

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 6.0.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.2 CVSS | 0.00374 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-6255

Malware in sbrugna...

8 CVSS | 7.9 AI score | 0.00578 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2017-17421

Malware in sbrugna...

5 CVSS | 6.7 AI score | 0.03591 EPSS
Exploits: 3 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-13478

Malware in sbrugna...

6.5 CVSS | 6.5 AI score | 0.01128 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-15586

Malware in sbrugna...

5.4 CVSS | 5.4 AI score | 0.01574 EPSS
Exploits: 4 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-10373

Malware in sbrugna...

7.8 CVSS | 5.7 AI score | 0.0064 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-4213

Malware in sbrugna...

5.5 CVSS | 4.7 AI score | 0.00262 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2019-8919

Malware in sbrugna...

4.3 CVSS | 4.8 AI score | 0.01054 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-24535

Malware in sbrugna...

7.1 CVSS | 6.8 AI score | 0.00727 EPSS
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-24563

Malware in sbrugna...

9 CVSS | 7 AI score | 0.03189 EPSS
Exploits: 0 | References: 2