CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5096 matches found

NVD•added 2025/09/24 9:15 p.m.•19 views

CVE-2025-59833

Flag Forge is a Capture The Flag CTF platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/problems/:id returns challenge hints in plaintext within the question object, regardless of whether the user has unlocked them via point deduction. Users can view all hints for free,...

7.5CVSS0.00323EPSS

Exploits0References1

CVE•added 2025/09/24 8:25 p.m.•14 views

CVE-2025-59833

Flag Forge CTI platform vulnerable versions 2.1.0–2.2.9 expose hints in plaintext within the GET /api/problems/:id response, revealing unreleased hints regardless of deduction. This information disclosure undermines business logic and challenge integrity. The issue is patched in version 2.3.0. Re...

7.5CVSS6.4AI score0.00323EPSS

Exploits0References1Affected Software1

OSV•added 2025/09/24 8:25 p.m.•10 views

CVE-2025-59833 FlagForgeCTF Hint Exposure via API

7.5CVSS6.7AI score0.00323EPSS

Exploits0References3

CVE•added 2025/09/24 8:23 p.m.•16 views

CVE-2025-59827

Flag Forge CT F Platform, version 2.1.0, exposes a privilege escalation risk via /api/admin/assign-badge due to missing access control, allowing any authenticated user to self-assign high-privilege badges (e.g., Staff) and impersonate admins. The issue is mitigated by upgrading to version 2.2.0, ...

9.8CVSS6.5AI score0.00342EPSS

Exploits0References1Affected Software1

NVD•added 2025/09/23 9:15 p.m.•4 views

CVE-2025-59826

Flag Forge is a Capture The Flag CTF platform. In version 2.1.0, non-admin users can create arbitrary challenges, potentially introducing malicious, incorrect, or misleading content. This issue has been patched in version 2.2.0...

7.6CVSS0.00215EPSS

Exploits0References1

OSV•added 2025/09/23 8:26 p.m.•4 views

CVE-2025-59826 FlagForgeCTF Vulnerable to Unauthorized Problem Creation

7.6CVSS7AI score0.00215EPSS

Exploits0References3

Cvelist•added 2025/09/23 8:26 p.m.•8 views

CVE-2025-59826 FlagForgeCTF Vulnerable to Unauthorized Problem Creation

7.6CVSS0.00215EPSS

Exploits0References1

CVE•added 2025/09/23 8:26 p.m.•14 views

CVE-2025-59826

Flag Forge CT F platform (CVE-2025-59826) is affected in version 2.1.0 where non-admin users can create arbitrary challenges, potentially introducing malicious, incorrect, or misleading content. The issue is mitigated by upgrading to version 2.2.0. Connected sources consistently describe the vuln...

7.6CVSS6.6AI score0.00215EPSS

Exploits0References1Affected Software1

GithubExploit•added 2025/09/23 1:28 a.m.•253 views

Exploit for Improper Input Validation in Microsoft

Email exploit Moniker Link-CVE-2024-21413-Module — Documentati...

9.8CVSS6.9AI score0.9466EPSS

Exploits22

AlpineLinux•added 2025/09/23 12:0 a.m.•11 views

CVE-2025-51005

A heap-buffer-overflow vulnerability exists in the tcpliveplay utility of the tcpreplay-4.5.1. When a crafted pcap file is processed, the program incorrectly handles memory in the checksum calculation logic at dochecksummathliveplay in tcpliveplay.c, leading to a possible denial of service...

7.5CVSS6.4AI score0.00359EPSS

Exploits1References2

Positive Technologies•added 2025/09/23 12:0 a.m.•5 views

PT-2025-39216

Name of the Vulnerable Software and Affected Versions Flag Forge versions prior to 2.2.0 Description Flag Forge is a Capture The Flag CTF platform. Non-admin users are able to create arbitrary challenges, which could lead to the introduction of malicious, incorrect, or misleading content...

7.6CVSS6.7AI score0.00215EPSS

Exploits0References7

Snyk•added 2025/09/22 2:41 p.m.•0 views

Double Free

Overview Affected versions of this package are vulnerable to Double Free via the dltlinuxsll2cleanup function. An attacker can cause memory corruption and application crash by supplying a specially crafted pcap file to the binary. Remediation Upgrade appneta/tcpreplay to version 4.5.2 or higher...

7.8CVSS6.8AI score0.00172EPSS

Exploits1References2

Vulnrichment•added 2025/09/22 12:0 a.m.•4 views

CVE-2025-51006

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dltlinuxsll2cleanup function in plugins/dltlinuxsll2/linuxsll2.c. This vulnerability is triggered when tcpeditdltcleanup indirectly invokes the cleanup routine multiple times on the same memory region. By...

6.4AI score0.00172EPSS

Exploits1References2

Cvelist•added 2025/09/18 9:28 p.m.•8 views

CVE-2025-54810 Cognex In-Sight Explorer and In-Sight Camera Firmware Authentication Bypass by Capture-replay

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The user management functionality handles sensitive data such as registered usernames and passwords over an unencrypted channe...

8.6CVSS0.00184EPSS

Exploits0References1

The Hacker News•added 2025/09/18 11:38 a.m.•4 views

SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

Cybersecurity researchers have discovered two new malicious packages in the Python Package Index PyPI repository that are designed to deliver a remote access trojan called SilentSync on Windows systems. "SilentSync is capable of remote command execution, file exfiltration, and screen capturing,"...

7.5AI score

Exploits0

SUSE CVE•added 2025/09/17 11:27 p.m.•2 views

SUSE CVE-2023-53367

In the Linux kernel, the following vulnerability has been resolved: accel/habanalabs: fix mem leak in capture user mappings This commit fixes a memory leak caused when clearing the usermappings info when a new context is opened immediately after usermapping is captured and a hard reset is perform...

5.5CVSS6.5AI score0.00156EPSS

Exploits0References15