CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

25430 matches found

OSV•added 2025/10/13 1:15 a.m.•1 views

CVE-2025-36087

IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound...

9.8CVSS5.8AI score0.0002EPSS

Exploits0References1

NVD•added 2025/10/13 1:15 a.m.•2 views

CVE-2025-36087

9.8CVSS0.0002EPSS

Exploits0References1

Cvelist•added 2025/10/13 12:38 a.m.•5 views

CVE-2025-36087 IBM Security Verify Access hard coded credentials

8.1CVSS0.0002EPSS

Exploits0References1

CVE•added 2025/10/13 12:38 a.m.•11 views

CVE-2025-36087

The CVE-2025-36087 affects IBM Security Verify Access and IBM Verify Identity Access (and their container equivalents). Affected products/versions include IBM Security Verify Access 10.0.0–10.0.9 and 11.0.0, IBM Verify Identity Access Container 10.0.0–10.0.9 and 11.0.0. The issue is hard-coded cr...

9.8CVSS6.4AI score0.0002EPSS

Exploits0References1Affected Software2

Vulnrichment•added 2025/10/13 12:38 a.m.•2 views

CVE-2025-36087 IBM Security Verify Access hard coded credentials

8.1CVSS6.4AI score0.0002EPSS

Exploits0References1

Positive Technologies•added 2025/10/13 12:0 a.m.•3 views

PT-2025-41743

Name of the Vulnerable Software and Affected Versions IBM Security Verify Access versions 10.0.0 through 10.0.9 and 11.0.0 IBM Verify Identity Access Container versions 10.0.0 through 10.0.9 and 11.0.0 Description The software contains hard-coded credentials, such as passwords or cryptographic...

8.1CVSS6.4AI score0.0002EPSS

Exploits0References10

CNVD•added 2025/10/13 12:0 a.m.•3 views

AndSoft e-TMS Encryption Issue Vulnerability

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an encryption issue vulnerability that stems from the use of MD5 encrypted passwords, which can be exploited by an attacker to cause the disclosure of user credentials...

7.5CVSS6.8AI score0.00027EPSS

Exploits0References1

OSV•added 2025/10/11 1:20 p.m.•5 views

OESA-2025-2383 xml-security security update

The XML Security project is aimed at providing implementation of security standards for XML. Currently the focus is on the W3C standards : - XML-Signature Syntax and Processing; and - XML Encryption Syntax and Processing. Security Fixes: All versions of Apache Santuario - XML Security for Java...

6.5CVSS6.9AI score0.00173EPSS

Exploits0References2

OSV•added 2025/10/10 10:54 p.m.•1 views

GHSA-G7F3-828F-7H7M Authlib : JWE zip=DEF decompression bomb enables DoS

Summary Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable tokens to exhaust memory and CPU and cause denial of service. Details - Affected component...

6.5CVSS7.1AI score0.00137EPSS

Exploits1References5

RedhatCVE•added 2025/10/10 8:22 p.m.•3 views

CVE-2025-35054

Newforma Info Exchange NIX stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If...

5.3CVSS7AI score0.00013EPSS

Exploits0References1

OSSF Malicious Packages•added 2025/10/10 4:27 p.m.•4 views

Malicious code in python3-6 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d48e27507362baa15b8e41d1554bce82077fcc870112ab6cb4d17694b47c8ef3 During installation, the obfuscated code is run and connect with a remote server. In the current version, the code just opens a URL without exfiltrating any...

7.2AI score

Exploits0References1

OSV•added 2025/10/10 4:27 p.m.•3 views

MAL-2025-191843 Malicious code in python3-6 (PyPI)

7.1AI score

Exploits0References1

CNNVD•added 2025/10/10 12:0 a.m.•3 views

SAMSUNG Smart Switch 安全漏洞

SAMSUNG Smart Switch is a data migration tool from Samsung South Korea. A security vulnerability exists in SAMSUNG Smart Switch versions prior to 3.7.67.2, which stems from the use of an insecure encryption algorithm that could lead to a local attacker replacing the recovery application...

7.8CVSS6.3AI score0.00008EPSS

Exploits0References1

EUVD•added 2025/10/09 9:31 p.m.•4 views

EUVD-2025-33573

5.3CVSS6.5AI score0.00013EPSS

Exploits0References3

NVD•added 2025/10/09 9:15 p.m.•4 views

CVE-2025-35054

5.3CVSS0.00013EPSS

Exploits0References2

NVD•added 2025/10/09 9:15 p.m.•6 views

CVE-2025-35052

Newforma Info Exchange NIX uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shar...

6.3CVSS0.00048EPSS

Exploits0References2

OSV•added 2025/10/09 9:15 p.m.•3 views

CVE-2025-35054

5.3CVSS5.8AI score0.00013EPSS

Exploits0References2

GithubExploit•added 2025/10/09 8:44 p.m.•117 views

cryptidy-analysis

PoC for cryptidy pickle deserialization RCE 🚨 CVE PoC — Unsaf...

8.6AI score

Exploits0

CVE•added 2025/10/09 8:20 p.m.•10 views

CVE-2025-35054

CVE-2025-35054 affects Newforma Info Exchange (NIX). The root issue is insufficient protection of credentials stored in HKLM\Software\WOW6432Node\Newforma\Credentials, where both the credentials and the encryption key reside in the same registry location. Authenticated users can access both, and ...

5.3CVSS6.6AI score0.00013EPSS

Exploits0References2Affected Software1

Cvelist•added 2025/10/09 8:20 p.m.•3 views

CVE-2025-35054 Newforma Info Exchange (NIX) insufficiently protected credentials

5.3CVSS0.00013EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by