CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

857 matches found

RedhatCVE•added 2026/01/09 9:21 a.m.•11 views

CVE-2021-27609

SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP EarlyWatch Alert service data collection and sending to SAP without the intended authorization...

6.5CVSS6.7AI score0.00515EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:26 a.m.•4 views

CVE-2019-12571

A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v0.9.8 beta build 02099 for macOS could allow an authenticated, local attacker to overwrite arbitrary files. When the client initiates a connection, the XML /tmp/pia-watcher.plist file is created. If the file exists,...

7.1CVSS6.8AI score0.00643EPSS

Exploits1References1

EUVD•added 2025/12/24 12:30 p.m.•5 views

EUVD-2025-205068

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix MSDU buffer types handling in RX error path Currently, packets received on the REO exception ring from unassociated peers are of MSDU buffer type, while the driver expects link descriptor type packets. These...

6.1AI score0.00155EPSS

Exploits0References4

Cvelist•added 2025/12/24 10:33 a.m.•19 views

CVE-2025-68729 wifi: ath12k: Fix MSDU buffer types handling in RX error path

0.00155EPSS

Exploits0References3

CVE•added 2025/12/24 10:33 a.m.•14 views

CVE-2025-68729

The CVE-2025-68729 entry documents a Linux kernel issue in ath12k where MSDU buffer type packets received on the REO exception ring from unassociated peers were mis-parsed as link descriptor packets. The underlying cause was not freeing the skb, risking kernel crashes and buffer leaks. The provid...

6.3AI score0.00155EPSS

Exploits0References3

The Hacker News•added 2025/12/22 6:11 a.m.•8 views

Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale

Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer dubbed Wonderland in mobile attacks targeting users in Uzbekistan. "Previously, users received 'pure' Trojan APKs that acted as malware immediately upon...

7.3AI score

Exploits0

Cvelist•added 2025/11/26 12:0 a.m.•7 views

CVE-2025-65235

OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function...

0.00377EPSS

Exploits1References3

Vulnrichment•added 2025/11/26 12:0 a.m.•2 views

CVE-2025-65236

OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint...

8AI score0.00385EPSS

Exploits1References3

CNNVD•added 2025/11/18 12:0 a.m.•4 views

Fortinet FortiWeb 信任管理问题漏洞

Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fita Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...

5.5CVSS7AI score0.001EPSS

Exploits0References2

CNNVD•added 2025/11/06 12:0 a.m.•2 views

WordPress plugin Blog2Social 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plug...

5.3CVSS6.7AI score0.00173EPSS

Exploits0References2

CNNVD•added 2025/11/05 12:0 a.m.•2 views

WordPress plugin WPeMatico RSS Feed Fetcher 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin...

6.4CVSS6.7AI score0.00194EPSS

Exploits0References6

Positive Technologies•added 2025/10/23 12:0 a.m.•4 views

PT-2025-43504

Name of the Vulnerable Software and Affected Versions Android Framework affected versions not specified Description A flaw in the Android Framework component allows a remote attacker to cause a persistent denial of service through resource exhaustion. The issue exists in the onHeaderDecoded...

10CVSS6.2AI score0.00465EPSS

Exploits0References29

CNNVD•added 2025/10/23 12:0 a.m.•3 views

WordPress plugin RSS Aggregator by Feedzy 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin RSS...

5CVSS6.9AI score0.00244EPSS

Exploits0References6

Redos•added 2025/10/08 12:0 a.m.•3 views

ROS-20251008-02

Thunderbird email client vulnerability is related to insufficient protection of service data. Exploitation exploitation of the vulnerability could allow an attacker acting remotely to download arbitrary files...

7AI score

Exploits0

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-22240

Malware in sbrugna...

5.5CVSS6.5AI score0.02497EPSS

Exploits0References19

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-4167

Malware in sbrugna...

7.1CVSS7AI score0.00582EPSS

Exploits1References2