
1234 matches found

GithubExploit
added 2026/01/25 2:51 p.m. | 146 views

POC-Generator-Burp_Suite_Extension

🎯 POC Generator - Burp Suite Extension From vulnerability...

6.1 AI score
Exploits: 0

OSV
added 2026/01/20 9:16 p.m. | 2 views

CVE-2026-21640

HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...

2.7 CVSS | 5.8 AI score | 0.0004 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/20 12:0 a.m. | 4 views

PT-2026-3657

HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...

2.7 CVSS | 5.5 AI score | 0.0004 EPSS
Exploits: 0 | References: 2

Github Security Blog
added 2026/01/12 6:7 p.m. | 7 views

Weblate wlc has insecure API key configuration

Impact: Historically, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be used against a different server. Patches: https://github.com/WeblateOrg/wlc/pull/1098 Workarounds: Remove unscoped...

5.5 CVSS | 7.2 AI score | 0.00003 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/01/12 6:7 p.m. | 1 view

GHSA-9RP8-H4G8-8766 Weblate wlc has insecure API key configuration

Impact: Historically, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be used against a different server. Patches: https://github.com/WeblateOrg/wlc/pull/1098 Workarounds: Remove unscoped...

5.3 CVSS | 7 AI score | 0.00003 EPSS
Exploits: 0 | References: 5

Brave Browser
added 2026/01/07 2:49 a.m. | 7 views

Brave Desktop 1.85.120 Security Fixes

Updated Picture-in-Picture PiP to display origin as reported on HackerOne by frozzipies. Upgraded Chromium to 143.0.7499.192 — refer to Google Chrome advisories for inherited CVEs...

5.8 AI score
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2025/12/17 10:50 p.m. | 2 views

GHSA-J22H-9J4X-23W5 mcp-server-git has missing path validation when using --repository flag

In mcp-server-git versions prior to 2025.12.18, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...

6.4 CVSS | 6.5 AI score | 0.00177 EPSS
Exploits: 0 | References: 3

Github Security Blog
added 2025/12/17 7:49 p.m. | 7 views

mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations

In mcp-server-git versions prior to 2025.9.25, the git_init tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other tools which required an existing repository, git_init could operate on any directory accessible to the server proces...

8.8 CVSS | 7 AI score | 0.00034 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Hacker One
added 2025/12/13 8:12 a.m. | 17 views

curl: testing hackerone functions

hi team i am testing hackerone functions i need some help of you this is my test account can you blacklist me from your program not ban just blacklist Impact thanks...

6.9 AI score
Exploits: 0

Nextcloud
added 2025/12/05 7:54 a.m. | 8 views

Stored XSS in contacts app via organisation and title field

None...

5.4 CVSS | 5.2 AI score | 0.00016 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2025/12/02 1:42 a.m. | 7 views

EUVD-2025-200129

HackerOne community member Kassem S.kassems94 has reported that username handling in Revive Adserver was still vulnerable to impersonation attacks after the fix for CVE-2025-52672, via several alternate techniques. Homoglyphs based impersonation has been independently reported by other HackerOne...

5.4 CVSS | 5.5 AI score | 0.00025 EPSS
Exploits: 1 | References: 2

Positive Technologies
added 2025/12/02 12:0 a.m. | 3 views

PT-2025-49010

🚨 CVE-2025-55129 HackerOne community member Kassem S.kassem s94 has reported that username handling in Revive Adserver was still vulnerable to impersonation attacks after the fix for CVE-2025-52672, via several alternate techniques. Homoglyphs based impersonation has been independently reported b...

5.4 CVSS | 7 AI score | 0.00025 EPSS
Exploits: 1 | References: 2

EUVD
added 2025/11/20 9:30 p.m. | 1 view

EUVD-2025-198333

HackerOne community member Dao Hoang Anh yoyomiski has reported an uncontrolled resource consumption vulnerability in the “userlog-index.php”. An attacker with access to the admin interface could request an arbitrarily large number of items per page, potentially leading to a denial of service...

6.5 CVSS | 6.4 AI score | 0.00111 EPSS
Exploits: 1 | References: 2

EUVD
added 2025/11/20 9:30 p.m. | 3 views

EUVD-2025-198334

HackerOne community member Dang Hung Vi vidang04 has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...

6.5 CVSS | 6.2 AI score | 0.00026 EPSS
Exploits: 1 | References: 2

NVD
added 2025/11/20 7:16 p.m. | 4 views

CVE-2025-55126

HackerOne community member Dang Hung Vi vidang04 has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...

6.5 CVSS | 0.00026 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2025/11/20 7:7 p.m. | 7 views

CVE-2025-55126

HackerOne community member Dang Hung Vi vidang04 has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...

6.5 CVSS | 5.8 AI score | 0.00026 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2025/11/20 7:6 p.m. | 3 views

CVE-2025-55128

HackerOne community member Dang Hung Vi vidang04 has reported an uncontrolled resource consumption vulnerability in the “userlog-index.php”. An attacker with access to the admin interface could request an arbitrarily large number of items per page, potentially leading to a denial of service...

6.5 CVSS | 6.4 AI score | 0.00111 EPSS
Exploits: 1 | References: 1

OSV
added 2025/11/10 4:50 p.m. | 1 view

MAL-2025-55037 Malicious code in hackerone-internal-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f16e6417e8eaebc0aa37552f263af3e1445a1a3cb50245074d579c9b818a73e6 The package hackerone-internal-test was found to contain malicious code. Source: ossf-package-analysis...

7 AI score
Exploits: 0

EUVD
added 2025/11/10 4:50 p.m. | 2 views

EUVD-2025-48938

Malicious code in hackerone-internal-test npm...

6.6 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/11/10 4:50 p.m. | 3 views

Malicious code in hackerone-internal-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f16e6417e8eaebc0aa37552f263af3e1445a1a3cb50245074d579c9b818a73e6 The package hackerone-internal-test was found to contain malicious code. Source: ossf-package-analysis...

7.2 AI score
Exploits: 0