CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1746 matches found

GithubExploit•added 2025/12/29 4:7 p.m.•192 views

Exploit for Command Injection in Dlink Di-7400G\+_Firmware

CVE-2025-57105 D-Link DI-7400G+ Command Injection Ove...

9.8CVSS7.9AI score0.03705EPSS

Exploits3

Vulnrichment•added 2025/12/10 8:54 p.m.•3 views

CVE-2020-36895 EIBIZ i-Media Server Digital Signage 3.8.0 Unauthenticated Configuration Disclosure

EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposi...

8.7CVSS6.4AI score0.00618EPSS

Exploits1References4

Positive Technologies•added 2025/12/08 12:0 a.m.•6 views

PT-2025-49550

Some endpoints in vulnerability-lookup that modified application state e.g. changing database entries, user data, configurations, or other privileged actions may have been accessible via HTTP GET requests without requiring a CSRF token. This flaw leaves the application vulnerable to Cross-Site...

7CVSS7.1AI score0.00146EPSS

Exploits0References2

OSV•added 2025/11/18 12:15 p.m.•5 views

CVE-2025-6670

A Cross-Site Request Forgery CSRF vulnerability exists in multiple WSO2 products due to the use of the HTTP GET method for state-changing operations within admin services, specifically in the event processor of the Carbon console. Although the SameSite=Lax cookie attribute is used as a mitigation...

8.8CVSS6.3AI score

Exploits0References1

Vulnrichment•added 2025/11/18 11:28 a.m.•4 views

CVE-2025-6670 Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services

8.8CVSS6AI score0.0019EPSS

Exploits0References1

NVD•added 2025/11/14 11:15 p.m.•6 views

CVE-2021-4465

ReQuest Serious Play F3 Media Server versions 7.0.3.4968 Pro, 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 contain a remote denial-of-service vulnerability. The device can be shut down or rebooted by an unauthenticated attacker through a single crafted HTTP GET request, allowing...

8.7CVSS0.00416EPSS

Exploits1References7

CVE•added 2025/11/14 10:51 p.m.•12 views

CVE-2021-4465

CVE-2021-4465 affects ReQuest Serious Play F3 Media Server. A remote, unauthenticated attacker can force a DoS by sending a crafted HTTP GET request, potentially shutting down or rebooting the device and interrupting service. Affected versions include 2.0.1.823 through 7.0.3.4968 (Pro); vulnerabl...

8.7CVSS6.7AI score0.00416EPSS

Exploits1References7

RedhatCVE•added 2025/11/07 1:46 p.m.•5 views

CVE-2025-31954

HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see...

5.4CVSS6.6AI score0.00159EPSS

Exploits0References1