
275 matches found

CNNVD
added 2026/02/14 12:0 a.m. | 5 views

WordPress plugin AMP Enhancer – Compatibility Layer for Official AMP Plugin Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.4 CVSS | 5.6 AI score | 0.00202 EPSS
Exploits 0 | References 4

Snyk
added 2026/02/01 6:39 a.m. | 2 views

Arbitrary Code Execution

Overview: pymobiledevice3 is a Pure python3 implementation for working with iDevices (iPhone, etc...). Affected versions of this package are vulnerable to Arbitrary Code Execution via the insecure eval function used to process user-supplied input in the CLI. An attacker can execute arbitrary scripts ...

9.8 CVSS | 5.9 AI score
Exploits 0 | References 3

CNNVD
added 2026/01/13 12:0 a.m. | 3 views

SAP Identity Management Security Vulnerability

SAP Identity Management is a suite of identity management applications from SAP Germany that can be embedded into business processes. A security vulnerability exists in SAP Identity Management that stems from insufficient input processing and could cause an authenticated administrator to submit a...

3.8 CVSS | 5.8 AI score | 0.00171 EPSS
Exploits 0 | References 2

CNVD
added 2025/12/29 12:0 a.m. | 1 views

CMSimple Cross-Site Scripting Vulnerability

CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that stems from the application not effectively filtering or neutralizing HTML Unicode encoding when processing user input. An attacker could use this vulnerability to execute arbitrary...

6.1 CVSS | 6.4 AI score | 0.00216 EPSS
Exploits 1 | References 1

OSV
added 2025/12/24 8:15 p.m. | 1 views

UBUNTU-CVE-2018-25154

GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system...

9.8 CVSS | 6.5 AI score | 0.00332 EPSS
Exploits 1 | References 6

Positive Technologies
added 2025/12/24 12:0 a.m. | 3 views

PT-2025-53374

GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system...

9.8 CVSS | 8.1 AI score | 0.00332 EPSS
Exploits 1 | References 7

CNNVD
added 2025/11/29 12:0 a.m. | 2 views

Retro Cross-Site Scripting Vulnerability

Retro is an online platform for displaying vintage style items by the individual developer Lakshmi Pavananjali. A cross-site scripting vulnerability exists in Retro versions prior to 2.4.7, which stems from the input processing component being susceptible to cross-site scripting attacks...

6.1 CVSS | 6 AI score | 0.00157 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/11/27 4:10 p.m. | 14 views

CVE-2025-33194

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information disclosure or denial of service...

7.1 CVSS | 6.2 AI score | 0.00125 EPSS
Exploits 0 | References 1

NVD
added 2025/11/25 6:15 p.m. | 6 views

CVE-2025-33194

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information disclosure or denial of service...

7.1 CVSS | 0.00125 EPSS
Exploits 0 | References 3

CVE
added 2025/11/25 5:59 p.m. | 13 views

CVE-2025-33194

The CVE-2025-33194 entry affects NVIDIA DGX Spark GB10, specifically the SROOT firmware. The vulnerability stems from improper processing of input data in SROOT, with documented consequences including information disclosure and denial of service. There is no exploitation status provided in the so...

7.1 CVSS | 6 AI score | 0.00125 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2025/11/25 5:59 p.m. | 7 views

CVE-2025-33194

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information disclosure or denial of service...

5.7 CVSS | 0.00125 EPSS
Exploits 0 | References 3

Github Security Blog
added 2025/11/20 9:23 p.m. | 8 views

vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs

Summary: Users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape (e.g. hidden dimension is wrong), regardless of whether the model is intended to support such inputs as defined in the Supported Models page. The issue has...

8.3 CVSS | 6.8 AI score | 0.00331 EPSS
Exploits 0 | References 6 | Affected Software 1

CNNVD
added 2025/10/31 12:0 a.m. | 5 views

Xen Security Vulnerability

Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. A security vulnerability exists in Xen that stems from a...

7.5 CVSS | 6.1 AI score | 0.00317 EPSS
Exploits 0 | References 2

Schneier on Security
added 2025/10/20 11:0 a.m. | 7 views

Agentic AI’s OODA Loop Problem

The OODA loop --for observe, orient, decide, act--is a framework to understand decision-making in adversarial situations. We apply the same framework to artificial intelligence agents, who have to make their decisions with untrustworthy observations and orientation. To solve this problem, we need...

7.9 AI score
Exploits 0

Veracode
added 2025/10/10 5:21 a.m. | 5 views

Denial Of Service (DoS)

xgrammar is vulnerable to Denial Of Service (DoS). The vulnerability is due to a regression in the Earley parser, which causes excessive processing time for valid grammar inputs, allowing an attacker to exploit this inefficiency to trigger denial of service through resource exhaustion...

7.5 CVSS | 6.5 AI score | 0.00495 EPSS
Exploits 1 | References 4 | Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-6642

Malware in sbrugna...

4.3 CVSS | 4.9 AI score | 0.00267 EPSS
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-27388

Malware in sbrugna...

9.3 CVSS | 9.3 AI score | 0.0131 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-10923

Malware in sbrugna...

7.8 CVSS | 7.5 AI score | 0.01341 EPSS
Exploits 1 | References 7

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-53554

Malicious code in bioql PyPI...

6.5 CVSS | 6.6 AI score | 0.01112 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-34879

Malicious code in bioql PyPI...

6.1 CVSS | 8.7 AI score | 0.00237 EPSS
Exploits 0 | References 2