Lucene search
81 matches found

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-1139

Malicious code in bioql PyPI...

CVSS 4.9, AI score 5.2, EPSS 0.00499
Exploits: 0, References: 6

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-59053

Malicious code in bioql PyPI...

CVSS 9.8, AI score 7.7, EPSS 0.0019
Exploits: 0, References: 5

Vulnrichment
added 2025/09/14 6:2 a.m., 2 views

CVE-2025-10393 miurla morphic HTTP Status Code 3xx advanced-search fetchHtml server-side request forgery

A flaw has been found in miurla morphic up to 0.4.5. This impacts the function fetchHtml of the file /api/advanced-search of the component HTTP Status Code 3xx Handler. This manipulation causes server-side request forgery. The attack can be carried out remotely. The exploit has been...

CVSS 6.5, AI score 6.4, EPSS 0.00056
Exploits: 0, References: 4

Veracode
added 2025/09/09 8:49 a.m., 3 views

Blind Server Side Request Forgery (SSRF)

johnbillion/wp-crontrol plugin is vulnerable to Blind Server Side Request Forgery (SSRF). The vulnerability is due to improper use of the wp_remote_request function, which allows an attacker with Administrator-level access to send arbitrary web requests and interact with internal services...

CVSS 5.9, AI score 7, EPSS 0.0005
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2025/08/22 8:15 a.m., 3 views

CVE-2025-8678

The WP Crontrol plugin for WordPress is vulnerable to blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the 'wp_remote_request' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...

CVSS 5.9, EPSS 0.0005
Exploits: 0, References: 3

CVE
added 2025/08/22 7:24 a.m., 30 views

CVE-2025-8678

The CVE-2025-8678 entry concerns the WordPress WP Crontrol plugin. Affected versions 1.17.0–1.19.1 expose a blind Server-Side Request Forgery via wp_remote_request() that can be exploited by authenticated administrators or higher to issue web requests from the WordPress host to arbitrary external...

CVSS 5.9, AI score 5.3, EPSS 0.0005
Exploits: 0, References: 3

Cvelist
added 2025/08/22 7:24 a.m., 8 views

CVE-2025-8678 WP Crontrol - 1.17.0 - 1.19.1 - Authenticated (Administrator+) Blind Server-Side Request Forgery

The WP Crontrol plugin for WordPress is vulnerable to blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the 'wp_remote_request' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...

CVSS 5.9, EPSS 0.0005
Exploits: 0, References: 3

Snyk
added 2025/07/14 12:40 a.m., 3 views

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass in the preHandle function of the AuthorizationInterceptor.java component. An attacker can gain unauthorized access to restricted resources by manipulating the Request argument remotely. Remediation: A fix was pushed...

CVSS 6.5, AI score 7, EPSS 0.00237
Exploits: 0, References: 2

BDU FSTEC
added 2025/07/02 12:0 a.m., 1 views

The vulnerability of the built-in boa server (/boafrm/formParentControl) of the TOTOLINK A3002RU router’s microprogramming software allows an intruder to cause a service failure.

The vulnerability of the built-in boa server (/boafrm/formParentControl) of the TOTOLINK A3002RU router’s microprogramming software is related to the issue of the operation exceeding the buffer in memory when processing the submit-url parameter. Exploiting this vulnerability allows a malicious acto...

CVSS 9, AI score 7.8, EPSS 0.01357
Exploits: 1, References: 2, Affected Software: 1

BDU FSTEC
added 2025/06/11 12:0 a.m., 1 views

The vulnerability of the SAP NetWeaver Application Server ABAP software integration platform lies in the lack of a mechanism for verifying the authenticity of incoming RFC requests. This allows attackers to increase their privileges.

The vulnerability of the SAP NetWeaver Application Server ABAP software integration platform is related to the absence of a mechanism for verifying the authenticity of incoming RFC requests during processing. Exploiting this vulnerability allows an attacker operating remotely to increase their...

CVSS 9.6, AI score 5.8, EPSS 0.00227
Exploits: 0, References: 2

Patchstack
added 2025/02/17 10:18 a.m., 2 views

WordPress Responsive Plus plugin <= 3.1.4 - Authenticated (Contributor+) Blind Server-Side Request Forgery via remote_request vulnerability

Authenticated (Contributor+) Blind Server-Side Request Forgery via remote_request vulnerability discovered by Francesco Carlucci in WordPress Plugin Responsive Plus versions <= 3.1.4...

CVSS 5.4, AI score 7.1, EPSS 0.00075
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2025/02/15 3:15 p.m., 2 views

CVE-2024-13834

The Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.4 via the 'remote_request' function. This makes it possible for authenticated attacker...

CVSS 5.4, AI score 7.4
Exploits: 0, References: 2

Vulnrichment
added 2025/01/31 1:41 a.m., 7 views

CVE-2023-0092

An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem...

CVSS 4.9, AI score 6.7, EPSS 0.00499
Exploits: 0, References: 2

OSV
added 2024/12/06 10:15 p.m., 2 views

CVE-2024-38926

Open Robotics Robotic Operating System 2 ROS2 and Nav2 humble versions were discovered to contain a use-after-free via the nav2amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter /amcl zshort...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 3

NVD
added 2024/12/06 10:15 p.m., 15 views

CVE-2024-38923

Open Robotics Robotic Operating System 2 ROS2 and Nav2 humble versions were discovered to contain a use-after-free via the nav2amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter/amcl odomframeid...

CVSS 9.8, EPSS 0.00183
Exploits: 1, References: 3

Vulnrichment
added 2024/12/06 12:0 a.m., 8 views

CVE-2024-38926

Open Robotics Robotic Operating System 2 ROS2 and Nav2 humble versions were discovered to contain a use-after-free via the nav2amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter /amcl zshort...

AI score 7.5, EPSS 0.00137
Exploits: 1, References: 3

CNNVD
added 2024/12/06 12:0 a.m., 2 views

Nav2 security vulnerability

Nav2 is the ROS community's navigation framework and system for ROS2. Nav2 has a security vulnerability that originates from the nav2amcl process containing post-release reuse. The vulnerability is triggered by remotely sending a request to change the value of zshort in the dynamic parameters/amc...

CVSS 9.8, AI score 6.8, EPSS 0.00137
Exploits: 1, References: 3

BDU FSTEC
added 2024/06/04 12:0 a.m., 1 views

The vulnerability of the WOPI protocol implementation in the MyOffice SDK software development kit allows a hacker to manipulate requests from the server.

The vulnerability of the WOPI protocol implementation in the MyOffice SDK software relates to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to manipulate requests from the server remotely...

CVSS 5.3, AI score 5.4, EPSS 0.00181
Exploits: 0, References: 2, Affected Software: 1

BDU FSTEC
added 2024/03/20 12:0 a.m., 1 views

The vulnerability of the aiohttp HTTP client, related to deficiencies in handling headers like Content-Length and Transfer-Encoding, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the aiohttp HTTP client is related to deficiencies in handling headers such as Content-Length and Transfer-Encoding. Exploiting this vulnerability allows an attacker to send hidden HTTP requests remotely (HTTP Request Smuggling attack)...

CVSS 6.5, AI score 6.3, EPSS 0.00457
Exploits: 4, References: 4, Affected Software: 2

OSV
added 2024/01/10 4:13 a.m., 22 views

CVE-2024-21643 Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability

IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the SignedHttpRequest protocol or the SignedHttpRequestValidator is vulnerable. Microsoft.IdentityModel trusts the jku claim...

CVSS 7.1, AI score 8.5, EPSS 0.0063
Exploits: 0, References: 6