36547 matches found
CVE-2025-11905
A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file app\modules\cms\controller\gather.js. The manipulation results in code injection. The attack may be launched remotely. The exploit has been made public and could be used...
EUVD-2025-34889
A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file app\modules\cms\controller\gather.js. The manipulation results in code injection. The attack may be launched remotely. The exploit has been made public and could be used...
CVE-2025-11905 yanyutao0402 ChanCMS gather.js getArticle code injection
A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file app\modules\cms\controller\gather.js. The manipulation results in code injection. The attack may be launched remotely. The exploit has been made public and could be used...
Fortinet FortiClientMac Code Injection Vulnerability
Fortinet FortiClientMac is a security tool for the macOS platform from Fortinet, a U.S. company. A code injection vulnerability exists in Fortinet FortiClientMac, which stems from the application's failure to properly filter special elements of constructed snippets, and can be exploited by an...
DataEase Code Issue Vulnerability
DataEase is an open source, Java-based data visualization and analysis tool that helps users quickly analyze data and gain insight into business trends, so as to improve and optimize their business. A code injection vulnerability exists in DataEase DB2/MongoDB JDBC...
ChanCMS Code Injection Vulnerability
ChanCMS is a content management system. A code injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which stems from the function getArticle in the file app\modules\cms\controller\gather.js failing to correctly filter the special elements of the constructed snippet. An attacker ca...
DataEase Code Issue Vulnerability
DataEase is an open source, Java-based data visualization and analysis tool that helps users quickly analyze data and gain insight into business trends, so as to improve and optimize their business. DataEase H2.java handles JDBC connection validation with a code injection...
Arbitrary Code Injection
Overview: @cocalc/frontend is a CoCalc: Collaborative Calculation. Affected versions of this package are vulnerable to Arbitrary Code Injection via uploading a crafted SVG file. An attacker can execute arbitrary code by uploading a specially crafted SVG file. Remediation: A fix was pushed into the...
Apeman ID71 Code Injection Vulnerability
Apeman ID71 is a webcam from Apeman. A code injection vulnerability exists in the Apeman ID71 EN75.8.53.20 version, which stems from the incorrect manipulation of the parameter alias in the file /setalias.cgi, and could lead to a cross-site scripting attack...
CVE-2025-31365
An Improper Control of Generation of Code ('Code Injection') vulnerability (CWE-94) in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim's host via tricking the user into visiting a malicious website...
CVE-2025-41699
A low-privileged remote attacker with an account for the web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code ('Code Injection')...
Phoenix Contact CHARX SEC-3xxx vulnerable to code injection
Overview: CHARX SEC-3xxx provided by Phoenix Contact contains the following vulnerability: code injection (CWE-94), CVE-2025-41699. Ryo Kato of Panasonic Holdings Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
EUVD-2025-34232
An Improper Control of Generation of Code ('Code Injection') vulnerability (CWE-94) in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim's host via tricking the user into visiting a malicious website...
CVE-2025-31365
Summary: CVE-2025-31365 is a code injection flaw in Fortinet FortiClientMac (macOS) affecting multiple versions: 7.2.1–7.2.8 and 7.4.0–7.4.3. The root cause is an improper control of generation of code, enabling an unauthenticated attacker to trigger arbitrary code execution when a user visits a ...