CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

36507 matches found

UbuntuCve•added 2026/04/30 1:16 p.m.•2 views

CVE-2025-14576

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...

9.3CVSS6AI score0.00221EPSS

Exploits0References3

OSV•added 2026/04/30 1:16 p.m.•1 views

UBUNTU-CVE-2025-14576

9.3CVSS6.1AI score0.00221EPSS

Exploits0References4

Cvelist•added 2026/04/30 12:39 p.m.•25 views

CVE-2025-14576 Possible QML code injection in VectorImage component

9.3CVSS0.00221EPSS

Exploits0References1

ATTACKERKB•added 2026/04/30 12:39 p.m.•2 views

CVE-2025-14576

9.3CVSS5.9AI score0.00221EPSS

Exploits0References2Affected Software1

CVE•added 2026/04/30 12:39 p.m.•10 views

CVE-2025-14576

CVE-2025-14576 affects Qt’s SVG module (VectorImage in Qt Quick). The root cause is insufficient validation of node IDs, enabling arbitrary QML/JavaScript code injection when loading malicious SVG files. The NVD entry notes local attack vector with no privileges required and passive user interact...

9.3CVSS5.8AI score0.00221EPSS

Exploits0References1Affected Software1

Snyk•added 2026/04/30 12:39 p.m.•7 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the VectorImage component when a user is tricked into loading a specially crafted SVG file. An attacker can execute arbitrary QML or JavaScript code by embedding malicious payloads within the SVG, potentiall...

9.3CVSS6.1AI score0.00221EPSS

Exploits0References2

Debian CVE•added 2026/04/30 12:39 p.m.•6 views

CVE-2025-14576

9.3CVSS6.1AI score0.00221EPSS

Exploits0

CNNVD•added 2026/04/30 12:0 a.m.•5 views

Qt 代码注入漏洞

Qt is an open-source, cross-platform application development framework. Qt has a code injection vulnerability, which stems from insufficient node ID verification. This vulnerability allows for the injection of arbitrary QML or JavaScript code through the VectorImage component in Qt Quick, when...

9.3CVSS5.9AI score0.00221EPSS

Exploits0References1

CNNVD•added 2026/04/30 12:0 a.m.•6 views

Webkul Krayin CRM 代码注入漏洞

Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses developed by the Indian company Webkul. Version 2.1.5 of Webkul Krayin CRM contains a code injection vulnerability, which stems from issues with the compose email function. This vulnerability could allo...

8.1CVSS6.2AI score0.00567EPSS

Exploits1References1

CNNVD•added 2026/04/30 12:0 a.m.•7 views

IBM Langflow Desktop 代码注入漏洞

IBM Langflow Desktop is a desktop application for AI process orchestration developed by IBM. Versions 1.0.0 to 1.8.4 of IBM Langflow Desktop contain a code injection vulnerability. This vulnerability allows attackers to execute arbitrary commands with privileges to run the Langflow process,...

8.8CVSS6.1AI score0.0047EPSS

Exploits0References1

CNNVD•added 2026/04/30 12:0 a.m.•6 views

Bootstrap CMS 注入漏洞

Bootstrap CMS is an open-source content management system based on PHP. The Bootstrap CMS 0.9.0-alpha version has a vulnerability due to an unknown function in the Page Creation Handler component file resources/views/pages/show.blade.php, which allows for code injection when manipulating the body...

6.5CVSS6.6AI score0.00233EPSS

Exploits0References2

Positive Technologies•added 2026/04/30 12:0 a.m.•1 views

PT-2026-36212

Name of the Vulnerable Software and Affected Versions Bootstrap CMS version 0.9.0-alpha Description An issue exists in the Page Creation Handler component within the file resources/views/pages/show.blade.php. Manipulation of the body argument allows for remote code injection, which is the executi...

6.5CVSS7.1AI score0.00233EPSS

Exploits0References8

OSV•added 2026/04/29 8:54 p.m.•2 views

GHSA-WR32-99HH-6F35 Nginx-UI has Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware that Allows Access to Internal Services

Summary An authenticated user can perform Server-Side Request Forgery SSRF by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwards these requests to the attacker-specified internal address, bypassing...

8.5CVSS6AI score0.00318EPSS

Exploits1References3

Cvelist•added 2026/04/29 7:50 p.m.•32 views

CVE-2026-34965 Cockpit CMS Authenticated Remote Code Execution via Collections

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/savecollection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP...

8.8CVSS0.00825EPSS

Exploits0References4

Vulnrichment•added 2026/04/29 7:50 p.m.•2 views

CVE-2026-34965 Cockpit CMS Authenticated Remote Code Execution via Collections

8.8CVSS6.5AI score0.00825EPSS

Exploits0References4

Snyk•added 2026/04/29 4:24 p.m.•4 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the filter parameter in multiple endpoints, leveraging the MongoLite $func operator. An attacker can execute arbitrary system commands by supplying crafted input to the affected endpoints. Remediation Upgrad...

9.8CVSS6.1AI score0.00426EPSS

Exploits0References2

NVD•added 2026/04/29 4:16 p.m.•3 views

CVE-2026-7388

A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...

5.8CVSS0.00239EPSS

Exploits0References4