CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

431 matches found

Packet Storm News•added 2026/05/04 12:0 a.m.•4 views

PIIGuard: Mitigating PII Harvesting under Adversarial Sanitization

Browsing-enabled LLM assistants can fetch webpages and answer contact-seeking queries, creating a practical channel for scraping contact-style personally identifiable information PII from public pages. Many prior defenses are deployed at the model, service, or agent layer rather than at the webpa...

5.8AI score

Exploits0

OSV•added 2026/02/25 2:2 a.m.•3 views

CVE-2026-25135 OpenEMR's location resource for Group.$export operation returns entire patient/user population contact information

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 have an information disclosure vulnerability that leaks the entire contact information for all users, organizations, and patients in the system to anyone who has the...

4.5CVSS5.5AI score0.00161EPSS

Exploits0References4

Vulnrichment•added 2026/02/19 4:36 a.m.•2 views

CVE-2025-14294 Razorpay for WooCommerce <= 4.7.8 - Missing Authentication to Unauthenticated Order Modification

The Razorpay for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getCouponList function in all versions up to, and including, 4.7.8. This is due to the checkAuthCredentials permission callback always returning true,...

5.3CVSS5.6AI score0.00219EPSS

Exploits0References5

RedhatCVE•added 2026/01/09 12:18 p.m.•5 views

CVE-2018-10189

An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each...

7.5CVSS6.5AI score0.003EPSS

Exploits0References1

RedhatCVE•added 2025/11/21 7:37 p.m.•2 views

CVE-2025-52669

Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to have access to the contact name and email address of other users on the system...

4.3CVSS4.9AI score0.00018EPSS

Exploits1References1

Malwarebytes•added 2025/10/16 10:49 a.m.•4 views

Mango discloses data breach at third-party provider

Mango has reported a data breach at one of its external marketing service providers. The Spanish fashion retailer says that only personal contact information has been exposed—no financial data. The breach took place at the service provider and did not affect Mango’s own systems. According to the...

7.2AI score

Exploits0