CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

637 matches found

Malwarebytes•added 2026/01/23 4:4 p.m.•7 views

Spammers abuse Zendesk to flood inboxes with legitimate-looking emails, but why?

Short answer: we have no idea. People are actively complaining that their mailboxes and queues are being flooded by emails coming from the Zendesk instances of trusted companies like Discord, Riot Games, Dropbox, and many others. Zendesk is a customer service and support software platform that...

5.7AI score

Exploits0

Fedora•added 2026/01/23 1:16 a.m.•7 views

[SECURITY] Fedora 42 Update: rclone-1.72.1-1.fc42

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

7.5CVSS6.9AI score0.00613EPSS

Exploits1

Fedora•added 2026/01/22 1:8 a.m.•6 views

[SECURITY] Fedora 43 Update: rclone-1.72.1-1.fc43

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

7.5CVSS6.8AI score0.00579EPSS

Exploits1

RedhatCVE•added 2026/01/09 11:36 a.m.•3 views

CVE-2021-41467

Cross-site scripting XSS vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter...

6.1CVSS6AI score0.03545EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:55 a.m.•6 views

CVE-2020-12759

Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook...

6.1CVSS5.8AI score0.00671EPSS

Exploits0References1

RedhatCVE•added 2025/12/06 10:52 p.m.•18 views

CVE-2025-66629

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.4, some of HedgeDoc's OAuth2 endpoints for social login providers such as Google, GitHub, GitLab, Facebook or Dropbox lack CSRF protection, since they don't send a state parameter and verify the respon...

4.3CVSS6.8AI score0.00084EPSS

Exploits0References1

CVE•added 2025/12/05 10:47 p.m.•18 views

CVE-2025-66629

HedgeDoc versions prior to 1.10.4 are affected by missing CSRF protection in OAuth2 endpoints for social logins (Google, GitHub, GitLab, Facebook, Dropbox) due to not sending/verifying a state parameter. This could allow attackers to hijack user authentication sessions. The issue is fixed in 1.10...

4.3CVSS6.4AI score0.00084EPSS

Exploits0References2Affected Software1

HackRead•added 2025/12/05 3:21 p.m.•6 views

New Variant of ClayRat Android Spyware Seize Full Device Control

The dangerous ClayRat Android spyware has evolved, gaining the ability to steal PINs, record screens, and disable security by abusing Accessibility Services. Users must beware of fake apps spreading through phishing sites and Dropbox...

7AI score

Exploits0

Malwarebytes•added 2025/12/03 2:12 p.m.•10 views

How attackers use real IT tools to take over your computer

A new wave of attacks is exploiting legitimate Remote Monitoring and Management RMM tools like LogMeIn Resolve formerly GoToResolve and PDQ Connect to remotely control victims’ systems. Instead of dropping traditional malware, attackers trick people into installing these trusted IT support progra...

7.5AI score

Exploits0

Fedora•added 2025/12/03 12:59 a.m.•9 views

[SECURITY] Fedora 43 Update: rclone-1.72.0-1.fc43

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

7.5CVSS7AI score0.00626EPSS

Exploits0