CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6720 matches found

CNNVD•added 2025/12/16 12:0 a.m.•2 views

Podcast Generator 安全漏洞

Podcast Generator is PodcastGenerator's open source set of free podcast publishing scripts written in PHP. A security vulnerability exists in Podcast Generator version 3.2.9, which stems from a blind server-side request forgery that could allow an attacker to inject XML into the episode upload fo...

9.8CVSS6.8AI score0.0049EPSS

Exploits1References4

Positive Technologies•added 2025/12/16 12:0 a.m.•3 views

PT-2025-51747

Name of the Vulnerable Software and Affected Versions PodcastGenerator version 3.2.9 Description The software contains a blind server-side request forgery issue that allows attackers to inject XML. This can be triggered by manipulating the shortdesc parameter in the episode upload form, enabling...

9.8CVSS7AI score0.0049EPSS

Exploits1References9

Veracode•added 2025/12/13 4:33 a.m.•4 views

Weak Encryption

org.apache.streampark, streampark is vulnerable to weak encryption. The vulnerability is due to the use of AES encryption in ECB mode along with a weak random number generator for protecting sensitive data, which allows an attacker to potentially expose or recover sensitive authentication...

7.5CVSS6.6AI score0.00216EPSS

Exploits0References5Affected Software1

Github Security Blog•added 2025/12/12 3:30 p.m.•9 views

Apache StreamPark uses a Weak Encryption Algorithm

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

7.5CVSS7.1AI score0.00216EPSS

Exploits0References5Affected Software1

OSV•added 2025/12/12 3:30 p.m.•3 views

GHSA-749J-2HP6-8CXM Apache StreamPark uses a Weak Encryption Algorithm

8.7CVSS7AI score0.00216EPSS

Exploits0References5

NVD•added 2025/12/12 3:15 p.m.•8 views

CVE-2025-54981

7.5CVSS0.00216EPSS

Exploits0References2

OSV•added 2025/12/12 3:15 p.m.•4 views

CVE-2025-54981

7.5CVSS6.7AI score

Exploits0References2

Cvelist•added 2025/12/12 3:10 p.m.•23 views

CVE-2025-54981 Apache StreamPark: Weak Encryption Algorithm in StreamPark

0.00216EPSS

Exploits0References1

CVE•added 2025/12/12 3:10 p.m.•13 views

CVE-2025-54981

CVE-2025-54981 affects Apache StreamPark prior to 2.1.7, due to use of AES in ECB mode and a weak RNG for encrypting sensitive data such as JWT tokens. This weak encryption could lead to exposure of confidential data. The vulnerability is documented across multiple sources (NVD, Red Hat, OSV, CNV...

7.5CVSS6.7AI score0.00216EPSS

Exploits0References2Affected Software1

NVD•added 2025/12/12 7:15 a.m.•4 views

CVE-2025-14356

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uacf7getgeneratedpdf' function in all versions up to, and including, 3.5.33. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00337EPSS

Exploits0References6

Vulnrichment•added 2025/12/12 6:32 a.m.•2 views

CVE-2025-14356 Ultra Addons for Contact Form 7 <= 3.5.33 - Missing Authorization to Authenticated (Subscriber+) to Generate Form Submission PDF

4.3CVSS4.8AI score0.00337EPSS

Exploits0References6

CVE•added 2025/12/12 6:32 a.m.•16 views

CVE-2025-14356

CVE-2025-14356 — The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on uacf7_get_generated_pdf in all versions up to and including 3.5.33. The Wordfence report confirms authenticated users with Subscriber-level a...

4.3CVSS4.8AI score0.00337EPSS

Exploits0References6

Cvelist•added 2025/12/12 6:32 a.m.•29 views

CVE-2025-14356 Ultra Addons for Contact Form 7 <= 3.5.33 - Missing Authorization to Authenticated (Subscriber+) to Generate Form Submission PDF

4.3CVSS0.00337EPSS

Exploits0References6

Positive Technologies•added 2025/12/12 12:0 a.m.•3 views

PT-2025-50893

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uacf7 get generated pdf' function in all versions up to, and including, 3.5.33. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS5.1AI score0.00337EPSS

Exploits0References7

Metasploit•added 2025/12/10 6:57 p.m.•311 views

Simple

Simple NOP generator Module Options msf use nop/loongarch64/simple msf nopsimple show actions ...actions... msf nopsimple set ACTION msf nopsimple show options ...show and set options... msf nopsimple run This module requires Metasploit: https://metasploit.com/download Current source:...

5.8AI score

Exploits0

RedhatCVE•added 2025/12/10 2:23 p.m.•2 views

CVE-2025-67469

Cross-Site Request Forgery CSRF vulnerability in kubiq PDF Thumbnail Generator pdf-thumbnail-generator allows Cross Site Request Forgery.This issue affects PDF Thumbnail Generator: from n/a through = 1.4...

4.3CVSS6.9AI score0.00107EPSS

Exploits0References1