CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

874 matches found

RedhatCVE•added 2026/01/09 8:43 a.m.•9 views

CVE-2022-42967

Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution...

9.6CVSS6AI score0.00821EPSS

Exploits1References1

Positive Technologies•added 2026/01/08 12:0 a.m.•3 views

PT-2026-3410

Summary Since 2017, the default webpack plugins have passed the entire process.env to EnvironmentPlugin. This pattern exposed ALL build environment variables to client-side JavaScript bundles whenever application code or any dependency referenced process.env.VARIABLE NAME. This is not a regressio...

7.5CVSS7.1AI score

Exploits0References5

Tenable Nessus•added 2025/12/04 12:0 a.m.•6 views

AI Service Secret Disclosure

Most of the web applications rely on various public services to provide features to their users. In secure designs, consuming these private or cloud services will require authentication like API and private keys, username and password based credentials and similar sensitive data. Developers...

7.6AI score

Exploits0References1

Tenable Nessus•added 2025/12/04 12:0 a.m.•7 views

Third-Party Service Secret Disclosure

7.6AI score

Exploits0References1

Vulnrichment•added 2025/10/25 1:45 a.m.•12 views

CVE-2025-11760 eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams <= 1.5.6 - Unauthenticated Sensitive Information Exposure

The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in client-side JavaScript within the meeting vie...

5.3CVSS5.2AI score0.00287EPSS

Exploits0References3

EUVD•added 2025/10/25 1:45 a.m.•6 views

EUVD-2025-35900

5.3CVSS5.2AI score0.00287EPSS

Exploits0References4

Positive Technologies•added 2025/10/25 12:0 a.m.•14 views

PT-2025-43694

Name of the Vulnerable Software and Affected Versions eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams versions through 1.5.6 Description The eRoom plugin for WordPress exposes Zoom SDK secret keys in client-side JavaScript within the meeting view template. This allows...

5.3CVSS6.5AI score0.00287EPSS

Exploits0References8

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-6604

Malware in sbrugna...

6.1CVSS6.3AI score0.00897EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2019-8009

Malware in sbrugna...

5.4CVSS5.6AI score0.00516EPSS

Exploits0References2