CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

28676 matches found

Veracode•added 2025/10/06 10:50 a.m.•5 views

Sensitive Information Disclosure

github.com/argoproj/argo-cd is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the project details API returning stored repository usernames and passwords in its response, and an attacker with a token scoped only for standard application management can call that endpoi...

9.9CVSS6.8AI score0.04518EPSS

Exploits1References2Affected Software3

Packet Storm•added 2025/10/06 12:0 a.m.•135 views

📄 WordPress KKProgressbar2 1.1.4.2 Cross Site Request Forgery

WordPress KKProgressbar2 version 1.1.4.2 cross site request forgery proof of concept exploit. Exploit Title: WordPress Plugin KKProgressbar2 - Cross-Site Request Forgery CSRF Date: 2025-10-05 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H:...

8.8CVSS6.6AI score0.00324EPSS

Exploits3

Circl•added 2025/10/05 10:2 a.m.•3 views

CVE-2021-27856

creationtimestamp| type| source ---|---|--- 2025-10-05 10:02:43+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-27856.yaml...

9.8CVSS6AI score0.05598EPSS

Exploits1References1

Vulnrichment•added 2025/10/05 6:2 a.m.•2 views

CVE-2025-11285 samanhappy MCPHub serverController.ts os command injection

A vulnerability was found in samanhappy MCPHub up to 0.9.10. Affected by this issue is some unknown functionality of the file src/controllers/serverController.ts. The manipulation of the argument command/args results in os command injection. The attack can be launched remotely. The exploit has be...

6.5CVSS6.5AI score0.07899EPSS

Exploits1References4

Hacker One•added 2025/10/04 1:4 p.m.•7 views

Lovable VDP: Users can change project visibility which requires high subscription by just changing request body

A Broken Access Control vulnerability was discovered that allowed users to change project visibility to higher subscription tiers by modifying the request body. The visibility was changed from the default setting to Personal or Workspace, bypassing subscription checks and enabling unauthorized...

5.8AI score

Exploits0