4418 matches found

CVE
added 2025/10/24 10:6 a.m., 12 views

CVE-2025-10680

OpenVPN CVE-2025-10680 affects OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX platforms. The root cause is improper handling of DNS-related options (--dns and --dhcp-option) in the --dns-updown hook, allowing a remote authenticated server to inject shell commands via DNS variables. Exploitation co...

CVSS 8.8 | AI score 6.6 | EPSS 0.00212
Exploits: 0 | References: 2
VulnCheck KEV
added 2025/10/23 12:0 a.m., 3 views

VulnCheck KEV: CVE-2022-2915

A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions...

CVSS 8.8 | AI score 5.9 | EPSS 0.00696
In wild | Exploits: 0 | References: 2
OSV
added 2025/10/22 7:15 p.m., 3 views

CVE-2025-62248

A reflected cross-site scripting (XSS) vulnerability, resulting from a regression, has been identified in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through...

CVSS 4.8 | AI score 5.7 | EPSS 0.00028
Exploits: 0 | References: 1
Positive Technologies
added 2025/10/20 12:0 a.m., 4 views

PT-2025-42751

Name of the Vulnerable Software and Affected Versions: Galaxy Software Services Corporation Vitals ESP Forum Module versions through 1.3. Description: An unrestricted upload of file with dangerous type flaw exists in the upload file function. This allows remote authenticated users to execute arbitra...

CVSS 9.3 | AI score 6.3 | EPSS 0.00071
Exploits: 0 | References: 9
Vulnrichment
added 2025/10/17 12:0 a.m., 4 views

CVE-2025-62645

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation...

CVSS 9.9 | AI score 6.4 | EPSS 0.00199
Exploits: 1 | References: 5
OSV
added 2025/10/15 2:15 a.m., 1 views

CVE-2017-20204

DBLTek GoIP devices models GoIP 1, 4, 8, 16, and 32 contain an undocumented vendor backdoor in the Telnet administrative interface that allows remote authentication as an undocumented user via a proprietary challenge–response scheme which is fundamentally flawed. Because the challenge response ca...

CVSS 9.3 | AI score 6.1 | EPSS 0.01186
Exploits: 0 | References: 4
RedhatCVE
added 2025/10/14 9:50 p.m., 3 views

CVE-2025-62390

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...

CVSS 6.5 | AI score 6 | EPSS 0.00368
Exploits: 0 | References: 1
CVE
added 2025/10/13 9:13 p.m., 8 views

CVE-2025-62384

CVE-2025-62384 is a SQL injection vulnerability in Ivanti Endpoint Manager (EPM). Multiple connected sources confirm that an authenticated, remote attacker could read arbitrary data from the EPM database. The affected product is Ivanti Endpoint Manager; the root cause is SQL injection that target...

CVSS 6.5 | AI score 6 | EPSS 0.00338
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/10/13 9:12 p.m., 5 views

CVE-2025-62386

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...

CVSS 6.5 | EPSS 0.00338
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/13 9:12 p.m., 1 views

CVE-2025-62386

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...

CVSS 6.5 | AI score 6 | EPSS 0.00338
Exploits: 0 | References: 1
CVE
added 2025/10/13 9:10 p.m., 9 views

CVE-2025-62392

CVE-2025-62392 is an SQL injection in Ivanti Endpoint Manager that allows a remote authenticated attacker to read arbitrary data from the database. The CVE is discussed across multiple feeds (NVD, Red Hat, ENISA/NCSC, CNVD) with consistent description of a SQL injection vulnerability in Ivanti En...

CVSS 6.5 | AI score 6 | EPSS 0.00338
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2025/10/13 8:42 p.m., 10 views

CVE-2025-62252

The CVE-2025-62252 issue is an IDOR vulnerability in Liferay Portal 7.4.0–7.4.3.111 and Liferay DXP 2023.Q3.1–Q3.10, 2023.Q4.0–Q4.5, and 7.4 GA–update 92. Affected code path is the _com_liferay_users_admin_web_portlet_UsersAdminPortlet_addUserIds parameter, which can let remote authenticated user...

CVSS 5.3 | AI score 6.4 | EPSS 0.00052
Exploits: 0 | References: 1 | Affected Software: 2
CNNVD
added 2025/10/13 12:0 a.m., 3 views

Liferay DXP Security Vulnerability

Liferay DXP is a suite of digital experience collaboration platforms from Liferay USA. A security vulnerability exists in Liferay DXP versions 2023.Q4.1 through 2023.Q4.5, which stems from the comliferaycommerceorderwebinternalportletCommerceOrderPortletcommerceOrderId An insecure direct object...

CVSS 5.3 | AI score 6.3 | EPSS 0.00047
Exploits: 0 | References: 2
Positive Technologies
added 2025/10/13 12:0 a.m., 3 views

PT-2025-41831

Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager (affected versions not specified). Description: A SQL injection issue exists in Ivanti Endpoint Manager. A remote authenticated attacker can potentially read arbitrary data from the database. The issue allows for unauthoriz...

CVSS 6.5 | AI score 7.2 | EPSS 0.00338
Exploits: 0 | References: 4
OSV
added 2025/10/10 1:15 p.m., 4 views

CVE-2025-62239

Cross-site scripting (XSS) vulnerability in workflow process builder in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 21 through update 92 allows remote authenticated attackers to inject arbitrary web script or HT...

CVSS 5.4 | AI score 5.8 | EPSS 0.00028
Exploits: 0 | References: 1
CVE
added 2025/10/10 12:33 p.m., 10 views

CVE-2025-62238

CVE-2025-62238 is a stored XSS vulnerability affecting Liferay Portal 7.4.3.21–7.4.3.111 and Liferay DXP 2023.Q4.0–2023.Q4.5, plus 2023.Q3.1–2023.Q3.8 and 7.4 update 21–92. The issue occurs on the Membership page in Account Settings via the Account Name field, where insufficient input validation ...

CVSS 5.4 | AI score 5 | EPSS 0.00031
Exploits: 0 | References: 1 | Affected Software: 2
OSV
added 2025/10/09 9:15 p.m., 2 views

CVE-2025-35060

Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...

CVSS 5.4 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 2
Positive Technologies
added 2025/10/09 12:0 a.m., 2 views

PT-2025-41442

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 22.4R3-S8; Juniper Networks Junos OS versions 23.2 through 23.2R2-S4; Juniper Networks Junos OS versions 23.4 through 23.4R2-S5; Juniper Networks Junos OS versions 24.2 through 24.2R2-S1; Juniper Network...

CVSS 5.4 | AI score 6.8 | EPSS 0.00042
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-0180

Malware in sbrugna...

CVSS 4 | AI score 6.4 | EPSS 0.00358
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-5009

Malware in sbrugna...

CVSS 3.5 | AI score 6.4 | EPSS 0.00134
Exploits: 0 | References: 3