Lucene search

28675 matches found

EUVD
added 2025/12/16 5:3 p.m., 3 views

EUVD-2023-60193

Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads in project task comments to execute arbitrary JavaScript in victim browsers...

CVSS 5.1, AI score 5.5, EPSS 0.00205
Exploits 1, References 4
Vulnrichment
added 2025/12/16 5:3 p.m., 1 views

CVE-2023-53897 Rukovoditel 3.4.1 Multiple Stored Cross-Site Scripting via Comments

Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads in project task comments to execute arbitrary JavaScript in victim browsers...

CVSS 5.4, AI score 5.6, EPSS 0.00205
Exploits 1, References 3
OSV
added 2025/12/16 4:16 p.m., 2 views

CVE-2025-68162

In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...

CVSS 2.7, AI score 5.8, EPSS 0.00178
Exploits 0, References 1
NVD
added 2025/12/16 4:16 p.m., 4 views

CVE-2025-68162

In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...

CVSS 2.7, EPSS 0.00178
Exploits 0, References 1
UbuntuCve
added 2025/12/16 4:16 p.m., 4 views

CVE-2025-68288

In the Linux kernel, the following vulnerability has been resolved: usb: storage: Fix memory leak in USB bulk transport A kernel memory leak was identified by the 'ioctlsg01' test from Linux Test Project LTP. The following bytes were mainly observed: 0x53425355. When USB storage devices incorrect...

AI score 6.5, EPSS 0.00173
Exploits 0, References 35
CVE
added 2025/12/16 3:27 p.m., 9 views

CVE-2025-68162

JetBrains TeamCity: CVE-2025-68162 affects the maven embedder in TeamCity versions before 2025.11, allowing loading of extensions via project configuration. The published metrics indicate a low overall severity (CVSS 3.1: Confidentiality None, Integrity Low, Availability None; Privileges Required...

CVSS 2.7, AI score 6.6, EPSS 0.00178
Exploits 0, References 1, Affected Software 1
Cvelist
added 2025/12/16 3:27 p.m., 27 views

CVE-2025-68162

In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...

CVSS 2.7, EPSS 0.00178
Exploits 0, References 1
EUVD
added 2025/12/16 3:27 p.m., 3 views

EUVD-2025-203768

In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...

CVSS 2.7, AI score 6.4, EPSS 0.00178
Exploits 0, References 1
Vulnrichment
added 2025/12/16 3:27 p.m., 1 views

CVE-2025-68162

In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...

CVSS 2.7, AI score 6.6, EPSS 0.00178
Exploits 0, References 1
Cvelist
added 2025/12/16 3:6 p.m., 29 views

CVE-2025-68288 usb: storage: Fix memory leak in USB bulk transport

In the Linux kernel, the following vulnerability has been resolved: usb: storage: Fix memory leak in USB bulk transport A kernel memory leak was identified by the 'ioctlsg01' test from Linux Test Project LTP. The following bytes were mainly observed: 0x53425355. When USB storage devices incorrect...

EPSS 0.00173
Exploits 0, References 7
RedhatCVE
added 2025/12/16 12:26 a.m., 4 views

CVE-2025-60786

A Zip Slip vulnerability in the import a Project component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via uploading a crafted Zip file...

CVSS 8.8, AI score 7.7, EPSS 0.00546
Exploits 1, References 1
EUVD
added 2025/12/16 12:7 a.m., 3 views

EUVD-2025-203447

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...

CVSS 4.3, AI score 6.2, EPSS 0.00235
Exploits 0, References 3
Cvelist
added 2025/12/16 12:7 a.m., 26 views

CVE-2025-67715 Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...

CVSS 4.3, EPSS 0.00235
Exploits 0, References 2
Vulnrichment
added 2025/12/16 12:7 a.m., 3 views

CVE-2025-67715 Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...

CVSS 4.3, AI score 6.4, EPSS 0.00235
Exploits 0, References 2
OSV
added 2025/12/16 12:7 a.m., 6 views

CVE-2025-67715 Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...

CVSS 4.3, AI score 6.7, EPSS 0.00235
Exploits 0, References 4
CVE
added 2025/12/16 12:0 a.m., 7 views

CVE-2025-65834

CVE-2025-65834 affects Meltytech Shotcut 25.10.31, with a buffer overflow in mlt_image_fill_white triggered by processing MLT project files that specify extremely large width/height. The issue is documented across several security entries (Red Hat, SUSE/OpenSUSE, NVD, EUVD, OSV, CVE.org) and is d...

CVSS 9.8, AI score 7.1, EPSS 0.0034
Exploits 0, References 2, Affected Software 1
CNNVD
added 2025/12/16 12:0 a.m., 4 views

JetBrains IntelliJ IDEA security vulnerability

JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from the Czech company JetBrains. A security vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2025.3, which stems from a missing validation step that could result in opening an untrusted...

CVSS 5.4, AI score 6.4, EPSS 0.00088
Exploits 0, References 1
CNNVD
added 2025/12/16 12:0 a.m., 3 views

Rukovoditel security vulnerability

Rukovoditel is a web-based open source project management software from the Rukovoditel team. The software features project management, customer relationship management, and more. A security vulnerability exists in Rukovoditel version 3.4.1, which stems from a stored cross-site scripting...

CVSS 5.4, AI score 5.8, EPSS 0.00205
Exploits 1, References 3
CNNVD
added 2025/12/16 12:0 a.m., 2 views

Shotcut security vulnerability

Shotcut is an open source video editor for the MLT Framework. A security vulnerability exists in Shotcut version 25.10.31 that stems from a buffer overflow when processing MLT project files, which could result in a memory access violation...

CVSS 9.8, AI score 7.2, EPSS 0.0034
Exploits 0, References 2
Positive Technologies
added 2025/12/16 12:0 a.m., 4 views

PT-2025-51713

In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...

CVSS 2.7, AI score 6.9, EPSS 0.00178
Exploits 0, References 2