CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2189 matches found

Tenable Nessus•added 2025/08/25 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2015-1554

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kgb-bot 1.33-2 allows remote attackers to cause a denial of service crash. CVE-2015-1554 Note that Nessus relies on the presence of the package as reported by t...

7.5CVSS7.2AI score0.0088EPSS

Exploits0References3

The Hacker News•added 2025/08/24 1:38 p.m.•5 views

Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot

Cybersecurity researchers have discovered a malicious Go module that presents itself as a brute-force tool for SSH but actually contains functionality to discreetly exfiltrate credentials to its creator. "On the first successful login, the package sends the target IP address, username, and passwo...

7.5AI score

Exploits0

RedhatCVE•added 2025/08/22 8:31 a.m.•5 views

CVE-2025-49892

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Uxper Booking uxper-booking allows PHP Local File Inclusion.This issue affects Uxper Booking: from n/a through = 1.3.3...

8.1CVSS5.9AI score0.00158EPSS

Exploits0References1

NVD•added 2025/08/20 8:15 a.m.•4 views

CVE-2025-49892

8.1CVSS0.00158EPSS

Exploits0References1

Vulnrichment•added 2025/08/20 8:3 a.m.•3 views

CVE-2025-49892 WordPress Pending Order Bot plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in badasswp Pending Order Bot allows Stored XSS. This issue affects Pending Order Bot: from n/a through 1.0.2...

5.9CVSS6.9AI score0.00158EPSS

Exploits0References1

CVE•added 2025/08/20 8:3 a.m.•11 views

CVE-2025-49892

CVE-2025-49892 describes an LFI (Local File Inclusion) in the WordPress plugin Uxper Booking (uxper-booking) up to version 1.3.3. The vulnerability arises from improper control of filename handling in PHP include/require statements, allowing an attacker to include local files via crafted input. I...

8.1CVSS5.9AI score0.00158EPSS

Exploits0References1

Cvelist•added 2025/08/20 8:3 a.m.•9 views

CVE-2025-49892 WordPress Uxper Booking Plugin <= 1.3.3 - Local File Inclusion Vulnerability

8.1CVSS0.00158EPSS

Exploits0References1

CNNVD•added 2025/08/20 12:0 a.m.•1 views

WordPress plugin Pending Order Bot 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.1CVSS6AI score0.00158EPSS

Exploits0References2

Positive Technologies•added 2025/08/20 12:0 a.m.•4 views

PT-2025-33960 · WordPress · Badasswp Pending Order Bot

Name of the Vulnerable Software and Affected Versions: badasswp Pending Order Bot versions through 1.0.2 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to a Stored Cross-site Scripting condition. This allows for the injection of...

5.9CVSS6.2AI score0.00158EPSS

Exploits0References3

Krebs on Security•added 2025/08/19 8:51 p.m.•4 views

Oregon Man Charged in ‘Rapper Bot’ DDoS Service

A 22-year-old Oregon man has been arrested on suspicion of operating "Rapper Bot ," a massive botnet used to power a service for launching distributed denial-of-service DDoS attacks against targets -- including a March 2025 DDoS that knocked Twitter/X offline. The Justice Department asserts the...

7.3AI score

Exploits0