
242 matches found

OSSF Malicious Packages
added 2026/05/25 11:50 a.m., 10 views

Malicious code in atel-mcp-openclaw (npm)

Source: amazon-inspector b1e4255e19fdb4f0352f184f35599be81651badab879e4f39d0f3bb4fda4a58e. The package contains multiple structural fingerprints of an active credential-stealer / C2 implant. bin/install.js performs lifecycle-time HTTP POSTs...

AI score: 5.8
Exploits: 0, References: 2
Fedora
added 2026/04/25 1:52 a.m., 1 views

[SECURITY] Fedora 44 Update: tcpflow-1.6.2-0.1.8d47b53.fc44

tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. A program like 'tcpdump' shows a summary of packets seen on the wire, but usually doesn't store the data that's actually being...

CVSS: 7.5, AI score: 5.3, EPSS: 0.00085
Exploits: 1
ICS
added 2026/04/16 6:0 a.m., 2 views

Anviz Multiple Products

Advisory summary: Successful exploitation of these vulnerabilities could allow attackers to conduct reconnaissance, capture or decrypt sensitive data, alter device configurations, gain unauthorized administrative or root‑level access, execute arbitrary code, compromise credentials or...

AI score: 6.5
Exploits: 0, References: 11
Cvelist
added 2026/01/02 12:0 a.m., 17 views

CVE-2024-55374

REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between login attempts...

EPSS: 0.00034
Exploits: 0, References: 2
CNNVD
added 2025/12/22 12:0 a.m., 2 views

ClinCapture EDC Security Vulnerability

ClinCapture EDC is a clinical trial data capture system from ClinCapture, Inc. A security vulnerability exists in ClinCapture EDC versions 3.0 and 2.2.3, which originates in reflective cross-site scripting and could lead to the execution of JavaScript code by an unauthenticated, remote attacker i...

CVSS: 6.1, AI score: 6.3, EPSS: 0.00058
Exploits: 1, References: 3
CVE
added 2025/12/22 12:0 a.m., 6 views

CVE-2025-65270

CVE-2025-65270 is a reflected XSS vulnerability in ClinCapture EDC versions 2.2.3 and 3.0, allowing an unauthenticated remote attacker to execute JavaScript in the victim’s browser. Root cause involves reflective XSS in ClinCapture EDC. Impact is context of the victim’s browser with low confident...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00058
Exploits: 1, References: 2, Affected Software: 1
RedhatCVE
added 2025/11/15 12:47 a.m., 7 views

CVE-2025-54346

A Reflected Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert versions 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack a user’s browser, capturing sensitive information...

CVSS: 7.6, AI score: 5.9, EPSS: 0.00051
Exploits: 0, References: 1
EUVD
added 2025/11/14 6:31 p.m., 3 views

EUVD-2025-197628

A Stored Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert versions 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack a user’s browser, capturing sensitive information...

CVSS: 6.5, AI score: 5.2, EPSS: 0.0003
Exploits: 0, References: 4
OSV
added 2025/11/14 6:15 p.m., 2 views

CVE-2025-54346

A Reflected Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert versions 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack a user’s browser, capturing sensitive information...

CVSS: 7.6, AI score: 5.8, EPSS: 0.00051
Exploits: 0, References: 2
Vulnrichment
added 2025/11/14 12:0 a.m., 0 views

CVE-2025-54348

A Stored Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert versions 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack a user’s browser, capturing sensitive information...

AI score: 5.3, EPSS: 0.0003
Exploits: 0, References: 2
Packet Storm News
added 2025/10/28 12:0 a.m., 3 views

Covert Surveillance in Smart Devices: A SCOUR Framework Analysis of Youth Privacy Implications

This paper investigates how smart devices covertly capture private conversations and discusses in more depth the implications of this for youth privacy. Using a structured review guided by the PRISMA methodology, the analysis focuses on privacy concerns, data capture methods, data storage and...

AI score: 7
Exploits: 0
Github Security Blog
added 2025/10/09 3:31 p.m., 3 views

Apache Flink CDC is vulnerable to SQL Injection through maliciously crafted identifiers

Apache Flink CDC versions 3.0.0 to before 3.5.0 are vulnerable to a SQL injection via maliciously crafted identifiers, e.g. a crafted database name or crafted table name. Even though only the logged-in database user can trigger the attack, users are recommended to update Flink CDC version to 3.5.0...

CVSS: 8.8, AI score: 8, EPSS: 0.00037
Exploits: 0, References: 6, Affected Software: 5
OSV
added 2025/10/09 3:31 p.m., 1 views

GHSA-WQM3-W3P6-XJGM Apache Flink CDC is vulnerable to SQL Injection through maliciously crafted identifiers

Apache Flink CDC versions 3.0.0 to before 3.5.0 are vulnerable to a SQL injection via maliciously crafted identifiers, e.g. a crafted database name or crafted table name. Even though only the logged-in database user can trigger the attack, users are recommended to update Flink CDC version to 3.5.0...

CVSS: 5.1, AI score: 8, EPSS: 0.00037
Exploits: 0, References: 6
Snyk
added 2025/10/09 1:42 p.m., 3 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the quote function that fails to properly escape special characters. An attacker can execute arbitrary SQL commands by supplying specially crafted input values for database name or table names. Remediation: Upgrade...

CVSS: 8.8, AI score: 8.6, EPSS: 0.00037
Exploits: 0, References: 2
Positive Technologies
added 2025/10/09 12:0 a.m., 2 views

PT-2025-41380

Name of the Vulnerable Software and Affected Versions: Apache Flink CDC version 3.4.0. Description: The software is susceptible to a SQL injection due to maliciously crafted identifiers, such as a crafted database name or table name. The attack can only be triggered by a logged-in database user...

CVSS: 8.8, AI score: 7.4, EPSS: 0.00037
Exploits: 0, References: 11
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2005-3437

Malware in sbrugna...

CVSS: 10, AI score: 6.3, EPSS: 0.07741
Exploits: 5, References: 8
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2011-4606

Malware in sbrugna...

CVSS: 5, AI score: 6.1, EPSS: 0.00241
Exploits: 1, References: 6
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2008-1815

Malware in sbrugna...

CVSS: 5.5, AI score: 6.4, EPSS: 0.0052
Exploits: 0, References: 12
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-20671

Malware in sbrugna...

CVSS: 7.5, AI score: 7.8, EPSS: 0.00235
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2013-1556

Malware in sbrugna...

CVSS: 5.5, AI score: 6.4, EPSS: 0.00164
Exploits: 0, References: 3