CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/10/30 5:38 p.m.•3 views

EUVD-2025-37183

Malicious code in com.apple.unityplugin.spatialcontroller npm...

6.6AI score

NVD•added 2025/10/30 5:15 p.m.•14 views

CVE-2025-60319

PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint AttachController.java...

6.5CVSS0.00241EPSS

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the enforcer that uses environment variables without sanitation. An attacker can execute arbitrary commands or cause a buffer overflow by supplying crafted input to the affected component. Remediation Upgrade...

Command Injection

Command Injection

Command Injection

Fedora•added 2025/10/30 4:36 a.m.•5 views

[SECURITY] Fedora 42 Update: qt6-qtserialbus-6.9.3-1.fc42

Qt Serial Bus API provides classes and functions to access the various industrial serial buses and protocols, such as CAN, ModBus, and others...

9.4CVSS7AI score0.00204EPSS

Microsoft CVE•added 2025/10/30 1:1 a.m.•5 views

ata: libata-sff: Ensure that we cannot write outside the allocated buffer

...

5.5CVSS8.9AI score0.00192EPSS

CNNVD•added 2025/10/30 12:0 a.m.•4 views

Seeyon Zhiyuan OA Web Application System 安全漏洞

Seeyon Zhiyuan OA Web Application System is a comprehensive office automation platform from Seeyon. A security vulnerability exists in Seeyon Zhiyuan OA Web Application System 7.0 SP1 and prior versions, which stems from improper encoding and parsing of parameters in thirdpartyController.do, whic...

9.3CVSS6.7AI score0.00602EPSS

Exploits0References4

Vulnrichment•added 2025/10/30 12:0 a.m.•2 views

CVE-2025-60319

PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint AttachController.java...

6.5AI score0.00241EPSS

Positive Technologies•added 2025/10/30 12:0 a.m.•8 views

PT-2025-44429

Name of the Vulnerable Software and Affected Versions PerfreeBlog version 4.0.11 Description The software contains a Server-Side Request Forgery condition resulting from a missing authorization check. This issue affects the uploadAttachByUrl API endpoint located in the AttachController.java file...

6.5CVSS6.5AI score0.00241EPSS

Exploits0References7

Github Security Blog•added 2025/10/29 3:31 p.m.•8 views

Jenkins Azure CLI Plugin does not restrict the commands it executes

Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller. This allows attackers with Item/Configure permission to execute arbitrary shell commands on the Jenkins controller. As of publication of this advisory, there is no fix...

8.8CVSS7.5AI score0.00556EPSS

Exploits0References4Affected Software1

OSV•added 2025/10/29 3:31 p.m.•6 views

GHSA-RH72-238F-G26Q Jenkins Azure CLI Plugin does not restrict the commands it executes

8.8CVSS7.5AI score0.00556EPSS

Exploits0References4

NVD•added 2025/10/29 2:15 p.m.•6 views

CVE-2025-64144

Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

4.3CVSS0.00158EPSS

OSV•added 2025/10/29 2:15 p.m.•5 views

CVE-2025-64143

Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

4.3CVSS6.9AI score