
40407 matches found

SUSE Linux
added 2025/09/24 1:3 p.m. | 4 views

Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506001017 fixes several issues. The following security issues were fixed: CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356). CVE-2025-38109: net/mlx5: fix ECVF vports unload on shutdown flow (bsc#1245685). CVE-2025-38181: calipso: Fix...

8.5 CVSS | 7.8 AI score | 0.00824 EPSS
Exploits: 3 | References: 24
Microsoft Secure
added 2025/09/24 12:0 p.m. | 4 views

AI vs. AI: Detecting an AI-obfuscated phishing campaign

Microsoft Threat Intelligence recently detected and blocked a credential phishing campaign that likely used AI-generated code to obfuscate its payload and evade traditional defenses. Appearing to be aided by a large language model (LLM), the activity obfuscated its behavior within an SVG file,...

6.8 AI score
Exploits: 0
OSV
added 2025/09/24 8:48 a.m. | 3 views

BIT-GOLANG-2025-47910 CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...

5.4 CVSS | 6.9 AI score | 0.00308 EPSS
Exploits: 0 | References: 5
CNNVD
added 2025/09/24 12:0 a.m. | 2 views

AMD Kintex 7-Series FPGA and AMD Artix 7-Series FPGA security vulnerability

The AMD Kintex 7-Series FPGA and AMD Artix 7-Series FPGA are both FPGA chips from AMD. A security vulnerability exists in AMD Kintex 7-Series FPGAs and AMD Artix 7-Series FPGAs that stems from insufficient protection against voltage and clock glitches, which could lead to an attacker...

8.6 CVSS | 6.4 AI score | 0.00183 EPSS
Exploits: 0 | References: 1
Drupal
added 2025/09/24 12:0 a.m. | 10 views

Currency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110

This module allows you to use different currencies on your website and do currency conversion. The module doesn't sufficiently protect routes used to enable and disable currencies from Cross-Site Request Forgery (CSRF) attacks, potentially allowing an attacker to trick an admin into changing settin...

6.5 CVSS | 5.4 AI score | 0.00122 EPSS
Exploits: 0 | References: 2
Microsoft Secure
added 2025/09/23 4:0 p.m. | 2 views

Microsoft Purview delivered 30% reduction in data breach likelihood

In today’s digital-first world, data is both an asset and a liability. As organizations scale their use of cloud platforms, AI, and remote collaboration tools, the complexity of managing data security, data privacy, and regulatory compliance grows exponentially. For organizations, the challenge i...

6.2 AI score
Exploits: 0
Vulnrichment
added 2025/09/23 2:55 p.m. | 1 views

CVE-2025-4760 Authenticated Stored Cross-Site Scripting (XSS) in Multiple WSO2 Products via API Document Upload in Publisher

An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...

4.8 CVSS | 5.2 AI score | 0.00173 EPSS
Exploits: 0 | References: 1
SUSE Linux
added 2025/09/23 7:54 a.m. | 3 views

Security update for kernel-livepatch-MICRO-6-0_Update_2

This update for kernel-livepatch-MICRO-6-0_Update_2 fixes the following issues: CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231862). CVE-2025-38177: kernel: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356). CVE-2025-38109: net/mlx5: fix ECVF vports unload on shutdown flow...

8.5 CVSS | 7.5 AI score | 0.00824 EPSS
Exploits: 3 | References: 28
Packet Storm News
added 2025/09/23 12:0 a.m. | 3 views

Obelix: Mitigating Side-Channels through Dynamic Obfuscation

Trusted execution environments (TEEs) offer hardware-assisted means to protect code and data. However, as shown in numerous results over the years, attackers can use side-channels to leak data access patterns and even single-step the code. While the vendors are slowly introducing hardware-based...

7.2 AI score
Exploits: 0
Positive Technologies
added 2025/09/23 12:0 a.m. | 5 views

PT-2025-39223

Name of the Vulnerable Software and Affected Versions: Click Plus PLC version 3.60. Description: A hard-coded cryptographic key is present in firmware version 3.60 of the Click Plus PLC. This key, an AES key, is used to protect the initial messages of a new KOPS session. Recommendations: At the momen...

6.9 CVSS | 6.4 AI score | 0.00244 EPSS
Exploits: 0 | References: 6
Imperva Blog
added 2025/09/22 9:16 p.m. | 4 views

KuppingerCole 2025: Why Thales is a Market Leader in API Security

APIs are the backbone of modern applications connecting critical microservices and enabling enterprises to turn data into context-aware business logic via AI across their digital services. As applications become more contextual, APIs expose the data, workflows, and model interactions attackers...

7 AI score
Exploits: 0
NVD
added 2025/09/22 9:15 p.m. | 2 views

CVE-2025-47910

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...

5.4 CVSS | 0.00308 EPSS
Exploits: 0 | References: 4
OSV
added 2025/09/22 9:15 p.m. | 3 views

CVE-2025-47910

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...

6.9 AI score
Exploits: 0 | References: 4
OSV
added 2025/09/22 9:15 p.m. | 3 views

DEBIAN-CVE-2025-47910

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...

5.4 CVSS | 8.1 AI score | 0.00308 EPSS
Exploits: 0 | References: 1
OSV
added 2025/09/22 9:15 p.m. | 4 views

UBUNTU-CVE-2025-47910

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...

5.4 CVSS | 6.9 AI score | 0.00308 EPSS
Exploits: 0 | References: 6
Cvelist
added 2025/09/22 9:1 p.m. | 12 views

CVE-2025-47910 CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...

0.00308 EPSS
Exploits: 0 | References: 4
CVE
added 2025/09/22 9:1 p.m. | 104 views

CVE-2025-47910

CVE-2025-47910 — Normal (detailed) The connected sources confirm a vulnerability in Go’s net/http CrossOriginProtection: the AddInsecureBypassPattern can bypass more requests than intended, causing CrossOriginProtection to skip validation while forwarding the original request path. This may allow...

5.4 CVSS | 6.5 AI score | 0.00308 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2025/09/22 9:1 p.m. | 2 views

CVE-2025-47910 CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...

6.5 AI score | 0.00308 EPSS
Exploits: 0 | References: 4
Debian CVE
added 2025/09/22 9:1 p.m. | 5 views

CVE-2025-47910

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...

5.4 CVSS | 8.1 AI score | 0.00308 EPSS
Exploits: 0
NVD
added 2025/09/22 7:16 p.m. | 3 views

CVE-2025-58670

Cross-Site Request Forgery (CSRF) vulnerability in Shankaranand Maurya WP Content Protection wp-content-protection allows Stored XSS. This issue affects WP Content Protection: from n/a through = 1.3...

7.1 CVSS | 0.00118 EPSS
Exploits: 0 | References: 1