
36081 matches found

RedHat Linux
added 2025/11/11 3:10 p.m. | 1 views

xorg: xwayland: Use-after-free in XPresentNotify structure creation

A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an...

7.3 CVSS | 6.1 AI score | 0.00476 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2025/11/11 3:9 p.m. | 2 views

xorg: xwayland: Use-after-free in XPresentNotify structure creation

A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an...

7.3 CVSS | 6.1 AI score | 0.00476 EPSS
Exploits: 0 | References: 5
HackRead
added 2025/11/11 12:30 p.m. | 8 views

Have I Been Pwned Adds 1.96B Accounts From Synthient Credential Data

Have I Been Pwned (HIBP), the popular breach notification service, has added another massive dataset to its platform...

7 AI score
Exploits: 0
RedhatCVE
added 2025/11/08 3:57 p.m. | 10 views

CVE-2025-54167

A cross-site scripting (XSS) vulnerability has been reported to affect Notification Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following...

9.2 CVSS | 5.8 AI score | 0.00436 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/11/07 8:56 p.m. | 5 views

CVE-2025-64174

Magento-lts is a long-term support alternative to Magento Community Edition (CE). Versions 20.15.0 and below are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin with direct database access or the admin notification feed source to inject malicious scripts...

4.6 CVSS | 5.7 AI score | 0.00188 EPSS
Exploits: 1 | References: 1
EUVD
added 2025/11/07 6:30 p.m. | 2 views

EUVD-2025-38276

A cross-site scripting (XSS) vulnerability has been reported to affect Notification Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following...

9.2 CVSS | 5.3 AI score | 0.00436 EPSS
Exploits: 0 | References: 2
NVD
added 2025/11/07 4:15 p.m. | 3 views

CVE-2025-54167

A cross-site scripting (XSS) vulnerability has been reported to affect Notification Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following...

9.2 CVSS | 0.00436 EPSS
Exploits: 0 | References: 1
Cvelist
added 2025/11/07 3:12 p.m. | 4 views

CVE-2025-54167 Notification Center

A cross-site scripting (XSS) vulnerability has been reported to affect Notification Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following...

9.2 CVSS | 0.00436 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/07 3:12 p.m. | 2 views

CVE-2025-54167 Notification Center

A cross-site scripting (XSS) vulnerability has been reported to affect Notification Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following...

9.2 CVSS | 5.5 AI score | 0.00436 EPSS
Exploits: 0 | References: 1
CVE
added 2025/11/07 3:12 p.m. | 9 views

CVE-2025-54167

CVE-2025-54167 is a cross-site scripting (XSS) vulnerability affecting QNAP/N notification Center. The advisory bodies and connected sources confirm the issue exists in Notification Center components and versions prior to the fixed releases: 2.1.0.3443 and later, 1.9.2.3163 and later, and 3.0.0.3...

9.2 CVSS | 5.5 AI score | 0.00436 EPSS
Exploits: 0 | References: 1
CNNVD
added 2025/11/07 12:0 a.m. | 4 views

QNAP Notification Center cross-site scripting vulnerability

QNAP Notification Center is a system event alert and notification software from Taiwan, China-based QNAP Technology (QNAP). A cross-site scripting vulnerability exists in QNAP Notification Center versions 2.1.0.3443, 1.9.2.3163, and 3.0.0.3466, which stems from susceptibility to cross-site scriptin...

9.2 CVSS | 6 AI score | 0.00436 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2025/11/07 12:0 a.m. | 3 views

PT-2025-45431

Name of the Vulnerable Software and Affected Versions: Notification Center versions prior to 2.1.0.3443; Notification Center versions prior to 1.9.2.3163; Notification Center versions prior to 3.0.0.3466. Description: A cross-site scripting (XSS) issue exists in Notification Center. An attacker who...

9.2 CVSS | 5.8 AI score | 0.00436 EPSS
Exploits: 0 | References: 4
NVD
added 2025/11/06 9:15 p.m. | 5 views

CVE-2025-64174

Magento-lts is a long-term support alternative to Magento Community Edition (CE). Versions 20.15.0 and below are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin with direct database access or the admin notification feed source to inject malicious scripts...

4.8 CVSS | 0.00188 EPSS
Exploits: 1 | References: 2
RedHat Linux
added 2025/11/06 1:8 p.m. | 3 views

xorg: xwayland: Use-after-free in XPresentNotify structure creation

A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an...

7.3 CVSS | 6.1 AI score | 0.00476 EPSS
Exploits: 0 | References: 5
CVE
added 2025/11/06 4:36 a.m. | 24 views

CVE-2025-11271

The CVE-2025-11271 entry concerns WordPress Easy Digital Downloads (EDD) plugin versions up to and including 3.5.2. The vulnerability is an order verification bypass: the POST parameter verification_override=1 causes the verification check to be skipped unconditionally, enabling an attacker to su...

5.3 CVSS | 5.9 AI score | 0.00263 EPSS
Exploits: 0 | References: 4
EUVD
added 2025/11/06 4:36 a.m. | 5 views

EUVD-2025-37973

The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verification_override=1. Because this value is...

5.3 CVSS | 5.8 AI score | 0.00263 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2025/11/06 12:0 a.m. | 9 views

PT-2025-45174

Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads versions up to and including 3.5.2. Description: The Easy Digital Downloads plugin for WordPress has a flaw that allows manipulation of orders. This is due to a bypass in order verification, which occurs when the...

5.3 CVSS | 6.3 AI score | 0.00263 EPSS
Exploits: 0 | References: 7
RedhatCVE
added 2025/11/05 5:8 a.m. | 2 views

CVE-2025-12412

The Top Bar Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the tbnajaxadd function. This makes it possible for unauthenticated attackers to update the plugin's setting...

6.1 CVSS | 5.3 AI score | 0.0012 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2025/11/05 12:0 a.m. | 4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990362)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990362 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't read past the mfuart notifcation In case the firmware sends a...

5.5 CVSS | 6 AI score | 0.00268 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2025/11/05 12:0 a.m. | 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989853)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989853 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't read past the mfuart notifcation In case the firmware sends a...

5.5 CVSS | 6 AI score | 0.00268 EPSS
Exploits: 0 | References: 4