CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

450 matches found

RedhatCVE•added 2026/01/09 8:56 a.m.•3 views

CVE-2023-40020

PrivateUploader is an open source image hosting server written in Vue and TypeScript. In affected versions app/routes/v3/admin.controller.ts did not correctly verify whether the user was an administrator High Level or moderator Low Level causing the request to continue processing. The response...

9.9CVSS6.8AI score0.00403EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:36 a.m.•7 views

CVE-2020-7874

Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension...

8.8CVSS7.4AI score0.00565EPSS

Exploits0References1

OSV•added 2025/12/11 9:15 p.m.•3 views

CVE-2025-13663

Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists...

5.4CVSS5.8AI score0.0008EPSS

Exploits0References1

RedhatCVE•added 2025/12/09 5:27 p.m.•4 views

CVE-2025-48626

In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8CVSS7.4AI score0.0033EPSS

Exploits0References1

OSV•added 2025/12/02 1:15 p.m.•2 views

CVE-2025-11789

Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'DownloadFile' function converts a parameter to an integer using 'atoi' and then uses it as an index in the 'FilesDownload' array with '&FilesDownloadiVar2'. If the parameter is too large, it will access memory beyond...

7.5CVSS5.8AI score0.00221EPSS

Exploits0References1

NVD•added 2025/12/02 3:16 a.m.•3 views

CVE-2025-20789

In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117741; Issue ID: MSV-4538...

4.4CVSS0.00067EPSS

Exploits0References1

SUSE CVE•added 2025/11/09 12:24 a.m.•3 views

SUSE CVE-2025-58075

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...

8.1CVSS6.9AI score0.00307EPSS

Exploits0References2

CVE•added 2025/10/16 8:44 a.m.•18 views

CVE-2025-58073

Mattermost Server (versions 10.11.x up to 10.11.1, 10.10.x up to 10.10.2, 10.5.x up to 10.5.10) is affected by CVE-2025-58073 due to insufficient verification of a user’s permission to join a team when using the original invite token. The underlying issue is the lack of proper authorization check...

8.1CVSS6.5AI score0.00379EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/10/16 8:20 a.m.•1 views

CVE-2025-58075 Arbitrary Mattermost Team can be joined by manipulating the SAML RelayState

8.1CVSS6.5AI score0.00307EPSS

Exploits0References1

CNNVD•added 2025/10/15 12:0 a.m.•3 views

WordPress plugin Orion SMS OTP Verification 安全漏洞

WordPress Orion SMS OTP Verification plugin is an authentication plugin for WordPress that enables user verification by sending a one-time password OTP via text message SMS. An elevation of privilege vulnerability exists in the WordPress Orion SMS OTP Verification plugin, which can be exploited b...

9.8CVSS7.3AI score0.0039EPSS

Exploits0References3