CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4319 matches found

CVE•added 2025/10/09 8:19 p.m.•27 views

CVE-2025-35051

CVE-2025-35051 affects Newforma Project Center Server (NPCS). The vulnerability exists because NPCS accepts serialized .NET data via the “/ProjectCenter.rem” endpoint on port 9003, enabling a remote, unauthenticated attacker to execute arbitrary code with the NT AUTHORITY\NetworkService privilege...

9.8CVSS7.6AI score0.00765EPSS

Exploits0References3Affected Software1

Cvelist•added 2025/10/09 8:19 p.m.•4 views

CVE-2025-35050 Newforma Info Exchange (NIX) .NET unauthenticated deserialization

Newforma Info Exchange NIX accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server NPCS, so a...

9.8CVSS0.00842EPSS

Exploits0References4

NVD•added 2025/10/09 7:15 p.m.•4 views

CVE-2025-4614

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue...

4.8CVSS0.0022EPSS

Exploits0References1

Positive Technologies•added 2025/10/09 12:0 a.m.•5 views

PT-2025-41466

Name of the Vulnerable Software and Affected Versions Newforma Info Exchange affected versions not specified Description Newforma Info Exchange accepts serialized .NET data via the /remoteweb/remote.rem API endpoint without proper validation. This allows a remote, unauthenticated attacker to...

9.8CVSS7.5AI score0.00842EPSS

Exploits0References12

Positive Technologies•added 2025/10/08 12:0 a.m.•3 views

PT-2025-41317

Name of the Vulnerable Software and Affected Versions code-projects E-Commerce Website version 1.0 Description A flaw exists in code-projects E-Commerce Website 1.0. Manipulation of the prod name argument in the file '/pages/product add.php' can lead to SQL injection. This issue may be exploited...

9.8CVSS6.6AI score0.00359EPSS

Exploits1References9

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2017-2963

Malware in sbrugna...

9.8CVSS9.3AI score0.01241EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•10 views

EUVD-2021-20205

Malware in sbrugna...

7.5CVSS7.6AI score0.01172EPSS

Exploits0References4

RedhatCVE•added 2025/10/04 11:53 a.m.•14 views

CVE-2025-9892

The Restrict User Registration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the update function. This makes it possible for unauthenticated attackers to update the plugin's...

5.3CVSS5.2AI score0.0014EPSS

Exploits0References1

Patchstack•added 2025/10/03 10:39 p.m.•7 views

WordPress Restrict User Registration plugin <= 1.0.1 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Nabil Irawan in WordPress Plugin Restrict User Registration versions = 1.0.1...

5.3CVSS7AI score0.0014EPSS

Exploits0References1Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•7 views

EUVD-2023-51767

Malicious code in bioql PyPI...

7.5CVSS7.9AI score0.01009EPSS

Exploits2References1

EUVD•added 2025/10/03 8:7 p.m.•6 views

EUVD-2025-18328

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00614EPSS

Exploits0References3