CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1148 matches found

Vulnrichment•added 2025/10/10 10:2 p.m.•2 views

CVE-2025-61911 python-ldap has sanitization bypass in ldap.filter.escape_filter_chars

python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and t...

6.9CVSS6.6AI score0.00294EPSS

Exploits1References3

EUVD•added 2025/10/08 11:32 p.m.•2 views

EUVD-2025-25456

Keycloak Potential Variable Reference in Model Storage Services...

4.9CVSS3.7AI score0.00464EPSS

Exploits0References13

OSV•added 2025/10/08 11:32 p.m.•0 views

GHSA-8HXP-QMPH-W5GQ Keycloak Potential Variable Reference in Model Storage Services

A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are...

4.9CVSS5.8AI score0.00464EPSS

Exploits0References12

Github Security Blog•added 2025/10/08 11:32 p.m.•8 views

Keycloak Potential Variable Reference in Model Storage Services

4.9CVSS6.9AI score0.00464EPSS

Exploits0References12Affected Software1

OSV•added 2025/10/08 8:15 p.m.•2 views

CVE-2025-60311

ProjectWorlds Gym Management System1.0 is vulnerable to SQL Injection via the "id" parameter in the profile/edit.php page...

8.8CVSS5.9AI score0.00406EPSS

Exploits1References3

Positive Technologies•added 2025/10/08 12:0 a.m.•2 views

PT-2025-41230

Name of the Vulnerable Software and Affected Versions Find Me On WordPress plugin versions through 2.0.9.1 Description The Find Me On WordPress plugin does not properly sanitize and escape a parameter before using it in a SQL query. This allows users with subscriber privileges or higher to execut...

7.7CVSS8.2AI score0.00243EPSS

Exploits0References7

CVE•added 2025/10/07 7:32 a.m.•12 views

CVE-2025-11357

The CVE-2025-11357 entry concerns code-projects Simple Banking System 1.0, with a SQL injection in the /createuser.php endpoint via the Name parameter due to insufficient input validation. Public exploitation is indicated, and remote initiation is possible. Multiple connected sources corroborate ...

8.8CVSS6.4AI score0.00299EPSS

Exploits1References5Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2002-0549

Malware in sbrugna...

7.5CVSS6.4AI score0.06735EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2004-0338

Malware in sbrugna...

10CVSS6.4AI score0.02358EPSS

Exploits0References4