CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

70 matches found

NVD•added 2026/06/01 5:17 p.m.•9 views

CVE-2026-45159

Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.18.1, a malicious user with access to an end-to-end encrypted files drop link was able to also drop files into other end-to-e...

3.5CVSS0.00203EPSS

Exploits0References3

Snyk•added 2026/05/21 8:35 p.m.•7 views

Missing Authorization

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Missing Authorization via the AclMiddleware in the request authorization path. An attacker can invite users or enumerate base members by sending userInvite or baseUserList requests from a shared-base session. This...

7.2CVSS5.8AI score0.00037EPSS

Exploits0References2

CNNVD•added 2026/03/11 12:0 a.m.•2 views

Asseco SEE Live 安全漏洞

Asseco SEE Live is a real-time customer interaction and notification management system for financial services offered by the Polish company Asseco. Version 2.0 of Asseco SEE Live contains a security vulnerability. This vulnerability stems from improper access control in the Contact Plan, E-Mail,...

9.9CVSS5.9AI score0.0058EPSS

Exploits0References3

EUVD•added 2026/02/27 12:31 p.m.•4 views

EUVD-2026-9022

PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks the link associated with the uploaded image. In version 5.9.0-rc7 clicking the link associated with...

5.4CVSS6AI score0.00169EPSS

Exploits0References3

ATTACKERKB•added 2026/02/04 10:28 p.m.•2 views

CVE-2025-62615

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in RSSFeedBlock, the third-party library urllib.request.urlopen is used directly to access the URL, but the inpu...

9.3CVSS5.3AI score0.00357EPSS

Exploits1References2

ATTACKERKB•added 2026/02/04 6:14 a.m.•3 views

CVE-2026-20985

Improper input validation in Samsung Members prior to version 5.6.00.11 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability...

7CVSS5.6AI score0.00276EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 11:35 a.m.•14 views

CVE-2021-41641

Deno =1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory...

8.4CVSS7.1AI score0.00382EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 8:59 a.m.•2 views

CVE-2023-49909

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

8.8CVSS8.3AI score0.01822EPSS

Exploits1References1

NVD•added 2025/11/19 8:15 p.m.•2 views

CVE-2025-51662

A stored cross-site scripting XSS vulnerability is found in the text sharing feature of FileCodeBox version 2.2 and earlier. Insufficient input validation allows attackers to inject arbitrary JavaScript code into shared text "codeboxes". The xss payload is automatically executed in the browsers o...

5.4CVSS0.0014EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-4259

Malware in sbrugna...

4.8CVSS5.1AI score0.00804EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2017-6666

Malware in sbrugna...

4.3CVSS4.8AI score0.00973EPSS

Exploits0References5