Lucene search

5096 matches found

Snyk
added 2025/11/30 1:14 p.m. | 2 views

Malicious Package

Overview: chai-pack is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. Once...

9.8 CVSS | 7.2 AI score
Exploits 0 | References 3

GithubExploit
added 2025/11/27 2:23 p.m. | 179 views

pickle-scan-bypass-poc

CTF Write-up: BrineBreaker Pickle Scan Evasion Este reposit...

7 AI score
Exploits 0

GithubExploit
added 2025/11/25 6:27 p.m. | 162 views

Reporttool

Reporttool A versatile report and attack tool that can carry o...

7.5 AI score
Exploits 0

GithubExploit
added 2025/11/24 8:1 p.m. | 187 views

Exploit for Authentication Bypass by Capture-replay in Microsoft

cve-2025...

10 CVSS | 7.1 AI score | 0.00898 EPSS
Exploits 2

Tenable Nessus
added 2025/11/24 12:0 a.m. | 5 views

Google Chrome < 126.0.6367.182 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 126.0.6367.182. It is, therefore, affected by multiple vulnerabilities as referenced in the 202407stable-channel-update-for-desktop advisory. - Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182...

9.6 CVSS | 7 AI score | 0.00781 EPSS
Exploits 10 | References 17

GithubExploit
added 2025/11/21 9:19 p.m. | 166 views

Exploit for Authentication Bypass by Capture-replay in Microsoft

cve-2025...

10 CVSS | 7 AI score | 0.00898 EPSS
Exploits 2

EUVD
added 2025/11/19 5:38 p.m. | 3 views

EUVD-2025-198237

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to version 1.35.1, there is potential cross-site scripting on index and tree page. This issue has been patched in version 1.35.1...

9.4 CVSS | 5.6 AI score | 0.00327 EPSS
Exploits 0 | References 4

GithubExploit
added 2025/11/18 10:19 p.m. | 159 views

ctf-toolkit

Bug Bounty Recon Tool 🚀 The Ultimate Bug Bounty Recon Tool...

7 AI score
Exploits 0

CNVD
added 2025/11/18 12:0 a.m. | 4 views

WordPress WP Content Pilot plugin missing license vulnerability

WordPress WP Content Pilot plugin is an automated content capture plugin designed for WordPress that supports grabbing content from multiple platforms e.g. Amazon, Pinterest, Instagram, etc. and posting it to the site automatically. A lack of authorization vulnerability exists in the WordPress WP...

5.4 CVSS | 6.8 AI score | 0.00171 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/11/15 12:47 a.m. | 9 views

CVE-2025-54346

A Reflected Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information...

7.6 CVSS | 5.9 AI score | 0.00222 EPSS
Exploits 0 | References 1

EUVD
added 2025/11/14 6:31 p.m. | 6 views

EUVD-2025-197628

A Stored Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information...

6.5 CVSS | 5.2 AI score | 0.00144 EPSS
Exploits 0 | References 4

OSV
added 2025/11/14 6:15 p.m. | 5 views

CVE-2025-54346

A Reflected Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information...

7.6 CVSS | 5.8 AI score | 0.00222 EPSS
Exploits 0 | References 2

Vulnrichment
added 2025/11/14 12:0 a.m. | 2 views

CVE-2025-54348

A Stored Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information...

5.3 AI score | 0.00144 EPSS
Exploits 0 | References 2

CNVD
added 2025/11/14 12:0 a.m. | 2 views

Rockwell Automation Studio 5000 Simulation Interface Server-Side Request Forgery Vulnerability

Rockwell Automation Studio 5000 Simulation Interface is a simulation modeling tool from Rockwell Automation. The Rockwell Automation Studio 5000 Simulation Interface suffers from a server-side request forgery vulnerability that stems from the server not implementing sufficient authentication...

8.9 CVSS | 5.9 AI score | 0.00149 EPSS
Exploits 0 | References 1

IBM Security Bulletins
added 2025/11/13 9:30 a.m. | 6 views

Security Bulletin: Due to use of Redhat Linux, IBM QRadar Network Packet Capture is vulnerable to a buffer overflow

Summary: IBM QRadar Network Packet Capture is bundled with Redhat Linux 8.10. A buffer overflow vulnerability has been addressed (CVE-2024-52533). Vulnerability Details: CVEID: CVE-2024-52533. DESCRIPTION: gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer...

9.8 CVSS | 7.5 AI score | 0.01263 EPSS
Exploits 1 | Affected Software 1

OSV
added 2025/11/12 6:26 p.m. | 5 views

CVE-2024-45301 ZDI-CAN-24744: Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability

Mintty is a terminal emulator for Cygwin, MSYS, and WSL. In versions 2.3.6 through 3.7.4, several escape sequences can cause the mintty process to access a file in a specific path. It is triggered by simply printing them out on bash. An attacker can specify an arbitrary network path, negotiate an...

5.3 CVSS | 7.1 AI score | 0.00247 EPSS
Exploits 0 | References 3

NVD
added 2025/11/11 2:15 p.m. | 6 views

CVE-2025-11696

A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes...

8.9 CVSS | 0.00149 EPSS
Exploits 0 | References 1

Cvelist
added 2025/11/11 1:47 p.m. | 8 views

CVE-2025-11696 Studio 5000 ® Simulation Interface SSRF

A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes...

8.9 CVSS | 0.00149 EPSS
Exploits 0 | References 1

Vulnrichment
added 2025/11/11 1:47 p.m. | 4 views

CVE-2025-11696 Studio 5000 ® Simulation Interface SSRF

A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes...

8.9 CVSS | 6.1 AI score | 0.00149 EPSS
Exploits 0 | References 1

CNNVD
added 2025/11/11 12:0 a.m. | 4 views

Rockwell Automation Studio 5000 Simulation Interface Security Vulnerability

Rockwell Automation Studio 5000 Simulation Interface is a simulation modeling tool from Rockwell Automation. The Rockwell Automation Studio 5000 Simulation Interface suffers from a server-side request forgery vulnerability that stems from the server not implementing sufficient authentication...

8.9 CVSS | 5.8 AI score | 0.00149 EPSS
Exploits 0 | References 1