7 matches found
CVE-2025-61136
A Host Header Injection vulnerability in the password reset component in axewater sharewarez v2.4.3 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header when Flask's url_for(_external=True) generates reset links without a fixed SERVER_NAM...
EUVD-2025-35695
A Host Header Injection vulnerability in the password reset component in axewater sharewarez v2.4.3 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header when Flask's url_for(_external=True) generates reset links without a fixed SERVER_NAM...
CVE-2025-61136
A Host Header Injection vulnerability in the password reset component in axewater sharewarez v2.4.3 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header when Flask's url_for(_external=True) generates reset links without a fixed SERVER_NAM...
SharewareZ Security Vulnerability
SharewareZ is a game folder conversion tool by Axe Personal Developers. A security vulnerability exists in SharewareZ version 2.4.3, which stems from an unfixed SERVER_NAME in the password reset component, which could lead to password reset poisoning and account takeover...
CVE-2025-61136
The CVE-2025-61136 entry describes a Host Header Injection vulnerability in the password reset component of axewater sharewarez v2.4.3. The underlying issue is an unfixed SERVER_NAME causing Flask url_for(_external=True) to generate reset links that can be manipulated via the Host header, enablin...
CVE-2025-61136
A Host Header Injection vulnerability in the password reset component in axewater sharewarez v2.4.3 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header when Flask's url_for(_external=True) generates reset links without a fixed SERVER_NAM...
CVE-2025-61136
A Host Header Injection vulnerability in the password reset component in axewater sharewarez v2.4.3 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header when Flask's url_for(_external=True) generates reset links without a fixed SERVER_NAM...