
2727 matches found

Positive Technologies
added 2025/12/18 12:0 a.m. | 3 views

PT-2025-52256

Name of the Vulnerable Software and Affected Versions: AnythingLLM version 1.8.5. Description: An authentication bypass allows unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. The issue is due to missing authentication checks in the...

CVSS 5.3 | AI score 6.8 | EPSS 0.00493
Exploits: 0 | References: 6
Vulnrichment
added 2025/12/18 12:0 a.m. | 3 views

CVE-2025-63390

An authentication bypass vulnerability exists in AnythingLLM v1.8.5 via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...

AI score 6.7 | EPSS 0.00493
Exploits: 0 | References: 3
CNNVD
added 2025/12/18 12:0 a.m. | 2 views

Qualcomm audio-kernel buffer error vulnerability

Qualcomm audio-kernel is an audio management driver from Qualcomm, Inc. A buffer error vulnerability exists in Qualcomm audio-kernel that stems from a memory corruption when handling MFC channel configurations, which could lead to a denial of service...

CVSS 7.8 | AI score 6.9 | EPSS 0.0007
Exploits: 0 | References: 1
Talos Blog
added 2025/12/17 4:55 p.m. | 10 views

UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager

Cisco Talos recently discovered a campaign targeting Cisco AsyncOS Software for Cisco Secure Email Gateway, formerly known as Cisco Email Security Appliance (ESA), and Cisco Secure Email and Web Manager, formerly known as Cisco Content Security Management Appliance (SMA). We assess with moderate...

AI score 7.7
Exploits: 0
Cvelist
added 2025/12/16 3:15 p.m. | 32 views

CVE-2025-14432 Poly Video - Sensitive Data Might Be Written to Log File

In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration...

CVSS 8.1 | EPSS 0.00344
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/16 8:12 a.m. | 2 views

CVE-2025-67976 WordPress Watu Quiz plugin <= 3.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Watu Quiz: from n/a through <= 3.4.5...

CVSS 6.5 | AI score 6.6 | EPSS 0.00248
Exploits: 0 | References: 1
Microsoft Secure
added 2025/12/15 7:35 p.m. | 12 views

Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components

CVE-2025-55182 (also referred to as React2Shell, and including CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components, Next.js, and related frameworks. With a CVSS score of 10.0, this vulnerability could all...

CVSS 10 | AI score 8.9 | EPSS 0.99562
Exploits: 381
Veracode
added 2025/12/13 6:48 a.m. | 8 views

Improper Access Control

mantisbt/mantisbt is vulnerable to improper access control. The vulnerability is due to insufficient access-level checks, which allows an attacker to exploit the Copy From functionality to retrieve column configurations from private projects without authorization...

CVSS 5.3 | AI score 5.8 | EPSS 0.00215
Exploits: 1 | References: 5 | Affected Software: 1
Veracode
added 2025/12/13 5:3 a.m. | 7 views

Uncontrolled Resource Consumption

Apache Commons Configuration is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to multiple design issues in the configuration loading and processing logic, where loading untrusted configuration files or allowing attacker-controlled usage patterns can trigger excessive C...

CVSS 6.5 | AI score 6.8 | EPSS 0.01663
Exploits: 0 | References: 2 | Affected Software: 1
Veracode
added 2025/12/13 5:0 a.m. | 8 views

Missing Authorization

Jenkins MCP Server Plugin is vulnerable to Missing Authorization. The vulnerability is due to missing permission checks in multiple MCP tools, which allows an attacker to trigger builds and access sensitive information related to job and cloud configurations without proper authorization...

CVSS 5.4 | AI score 5.8 | EPSS 0.00218
Exploits: 0 | References: 4 | Affected Software: 1
Veracode
added 2025/12/13 4:34 a.m. | 3 views

Sensitive Information Disclosure

Jenkins ReadyAPI Functional Testing Plugin is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing license keys, client secrets, and passwords in plaintext in job configuration files, allowing users with Item/Extended Read permission or file system access on the...

CVSS 6.5 | AI score 6.9 | EPSS 0.00347
Exploits: 0 | References: 2 | Affected Software: 1
Veracode
added 2025/12/13 4:18 a.m. | 6 views

Sensitive Information Disclosure

Jenkins Curseforge Publisher Plugin is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing API keys in plaintext in job configuration files, allowing users with Item/Extended Read permission or file system access on the Jenkins controller to view and misuse the...

CVSS 4.3 | AI score 6.8 | EPSS 0.00144
Exploits: 0 | References: 2 | Affected Software: 1
RedHat Linux
added 2025/12/10 5:45 p.m. | 2 views

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

CVSS 9.8 | AI score 7.2 | EPSS 0.0418
Exploits: 1 | References: 5
RedHat Linux
added 2025/12/10 2:55 p.m. | 4 views

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

CVSS 9.8 | AI score 7.2 | EPSS 0.0418
Exploits: 1 | References: 5
RedHat Linux
added 2025/12/10 2:45 p.m. | 0 views

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

CVSS 9.8 | AI score 7.2 | EPSS 0.0418
Exploits: 1 | References: 5
RedHat Linux
added 2025/12/10 2:39 p.m. | 3 views

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

CVSS 9.8 | AI score 7.2 | EPSS 0.0418
Exploits: 1 | References: 5
RedhatCVE
added 2025/12/10 3:26 a.m. | 3 views

CVE-2025-66631

CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer (NDCS) and is vulnerable to remote code execution during deserialization...

CVSS 9.2 | AI score 7.8 | EPSS 0.00555
Exploits: 0 | References: 1
IBM Security Bulletins
added 2025/12/09 7:38 p.m. | 6 views

Security Bulletin: IBM® Db2® is vulnerable to privilege escalation under specific configurations (CVE-2025-36186)

Summary: IBM® Db2® under specific configurations could allow a local user to execute malicious code that escalates their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level. Vulnerability Details: CVEID: CVE-2025-36186 DESCRIPTION: IBM Db2 for Linux,...

CVSS 7.8 | AI score 6.6 | EPSS 0.00108
Exploits: 0 | Affected Software: 1
RedHat Linux
added 2025/12/09 3:22 p.m. | 2 views

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

CVSS 9.8 | AI score 7.2 | EPSS 0.0418
Exploits: 1 | References: 5
Cvelist
added 2025/12/09 3:18 a.m. | 31 views

CVE-2025-66631 CSLA .NET is vulnerable to Remote Code Execution via WcfProxy

CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer (NDCS) and is vulnerable to remote code execution during deserialization...

CVSS 9.2 | EPSS 0.00555
Exploits: 0 | References: 3