CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

81 matches found

GamiPress <= 2.8.9 - SQL Injection

GamiPress WordPress plugin version 2.8.9 and below suffers from an SQL injection vulnerability due to insufficient sanitization of user input, allowing attackers to execute arbitrary SQL commands. id: CVE-2024-13496 info: name: GamiPress = 2.8.9 - SQL Injection author: ritikchaddha severity: high...

7.5CVSS9AI score0.02191EPSS

Exploits0References2

Nuclei•added 12 hours ago•17 views

Docusaurus Gists Plugin < 4.0.0 - GitHub Personal Access Token Exposure

The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuratio...

10CVSS5.2AI score0.01842EPSS

Exploits0References3

EUVD•added 2026/05/29 12:38 a.m.•10 views

EUVD-2026-33209

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00237EPSS

Exploits0References3

Positive Technologies•added 2026/04/19 12:0 a.m.•1 views

PT-2026-33647

A vulnerability was identified in Tenda F451 1.0.0.7 cn svn7958. The affected element is the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component httpd. The manipulation of the argument menufacturer/Go leads to buffer overflow. Remote exploitation of the attack is...

9CVSS7.9AI score0.00447EPSS

Exploits0References7

Positive Technologies•added 2026/04/18 12:0 a.m.•2 views

PT-2026-33611

Name of the Vulnerable Software and Affected Versions H3C Magic B0 versions prior to 100R002 Description A buffer overflow exists in the Edit BasicSSID function within the '/goform/aspForm' file. This issue occurs when the param argument is manipulated, allowing for remote execution of the attack...

9CVSS8.6AI score0.00481EPSS

Exploits0References12

Positive Technologies•added 2026/04/12 12:0 a.m.•5 views

PT-2026-32224

Name of the Vulnerable Software and Affected Versions Totolink A800R version 4.1.2cu.5137 B20200730 Description A flaw exists in the Totolink A800R version 4.1.2cu.5137 B20200730 due to a buffer overflow in the setAppEasyWizardConfig function within the /lib/cste modules/app.so library. The...

9CVSS7.6AI score0.00472EPSS

Exploits0References9

Rosalinux•added 2026/03/15 6:5 p.m.•7 views

Advisory ROSA-SA-2026-3208

Software: webmin 2.520 WASP: ROSA-CHROME unaffected versions = webmin-2.520-1 affected versions webmin-2.520-1 CVE-ID: CVE-2025-61541 BDU-ID: 2025-14429 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the getwebminemailurl function of the Webmin hosting control panel is related to access delimitatio...

7.1CVSS5.7AI score0.00416EPSS

Exploits1

Positive Technologies•added 2026/03/08 12:0 a.m.•5 views

PT-2026-23945

Name of the Vulnerable Software and Affected Versions Tenda F453 version 1.0.0.3 Description A flaw exists in the Tenda F453 device that allows for remote code execution. The issue is located within the WrlclientSet function of the /goform/WrlclientSet file. Manipulation of the GO argument leads ...

9CVSS8AI score0.00632EPSS

Exploits1References14

RedhatCVE•added 2026/01/07 9:11 a.m.•3 views

CVE-2025-1701

CVE-2025-1701 is a high-severity vulnerability in the MIM Admin service. An attacker could exploit this vulnerability by sending a specially crafted request over the RMI interface to execute arbitrary code with the privileges of the MIM Admin service. The RMI interface is only accessible locally...

8.9CVSS8.1AI score0.00614EPSS

Exploits0References1

Rosalinux•added 2025/12/02 1:16 p.m.•4 views

Advisory ROSA-SA-2025-3090

Software: python-setuptools 0.9.8 OS: rosa-server79 unaffected versions = python-setuptools-0.9.8-7.0.3.res7 affected versions python-setuptools-0.9.8-7.0.3.res7 CVE-ID: CVE-2025-47273 BDU-ID: 2025-08604 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the setuptools project packaging simplification...

8.8CVSS8.6AI score0.01428EPSS

Exploits4

NCSC•added 2025/11/21 4:3 p.m.•11 views

Vulnerabilities fixed in Oracle Fusion Middleware

Oracle has fixed vulnerabilities in Oracle Fusion Middleware components. The vulnerabilities allow unauthenticated attackers to access critical data over HTTP, which can lead to partial denial-of-service. The severity of these vulnerabilities is underscored by CVSS scores of 7.5, indicating...

9.8CVSS6.9AI score0.88124EPSS

Exploits12References1

Rosalinux•added 2025/11/10 6:21 a.m.•20 views

Advisory ROSA-SA-2025-3073

Software: libxml2 2.9.7 OS: ROSA Virtualization 3.0 unaffected versions = libxml2-2.9.7-21.0.1.rv30.3 affected versions libxml2-2.9.7-21.0.1.1.rv30.3 CVE-ID: CVE-2025-6021 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlBuildQName function of the Libxml2 library is related to a...

9.1CVSS8.9AI score0.2421EPSS

Exploits12

CVE•added 2025/10/13 6:26 a.m.•21 views

CVE-2025-0636

CVE-2025-0636 affects Ericsson RAN Compute and Ericsson Site Controller (EMCLI). The issue is a high-severity vulnerability arising from improper neutralization of special elements used in an OS command, potentially enabling Arbitrary Code Execution. The publicly documented details across multipl...

8.4CVSS6.7AI score0.00266EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-16870

Malicious code in bioql PyPI...

8.9CVSS6.6AI score0.00614EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•5 views

EUVD-2023-29491

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01478EPSS

Exploits0References1