CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7189 matches found

Positive Technologies•added 2026/01/27 12:0 a.m.•3 views

PT-2026-4912

Pix-Link LV-WR21Q does not enforce any form of authentication for endpoint /goform/getHomePageInfo. Remote unauthenticated attacker is able to use this endpoint to e.g: retrieve cleartext password to the access point. The vendor was notified early about this vulnerability, but didn't respond with...

6.9CVSS5.9AI score0.0013EPSS

Exploits0References4

CNNVD•added 2026/01/27 12:0 a.m.•1 views

PHPUnit code issues and vulnerabilities

PHPUnit is a PHP unit testing framework developed by Sebastian Bergmann. There were code-related vulnerabilities in versions prior to PHPUnit 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52. These vulnerabilities stemmed from insecure deserialization of code coverage data during PHPUnit testing, whi...

7.8CVSS6.2AI score0.00236EPSS

Exploits0References7

Packet Storm News•added 2026/01/27 12:0 a.m.•3 views

XAMPP and PHPMyAdmin Web Security Research Playbook

This is a comprehensive security testing guide for XAMPP services. It follows a structured approach: 1 Reconnaissance and Information Gathering, 2 Initial Access Attempts, 3 Post-Authentication Exploitation. Each scenario includes realistic commands and expected outcomes for professional security...

5.9AI score

Exploits0

OSV•added 2026/01/26 7:50 p.m.•3 views

MAL-2026-510 Malicious code in radishwxm5 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4cbabb01d98bcad5705b98f5aac22b9d8f53e8c97e2fe5ab8bca66661e6c0644 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score

Exploits0References1

RedhatCVE•added 2026/01/26 3:10 p.m.•6 views

CVE-2025-52024

A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...

9.4CVSS6AI score0.00054EPSS

Exploits0References1

OSSF Malicious Packages•added 2026/01/25 10:4 a.m.•7 views

Malicious code in test-poc-package-for-session-2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0b7003b7bd9585bbb25ce1f957ffef83603883d550f07f77443780a7d47a7f20 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

5.8AI score

Exploits0References1

Fedora•added 2026/01/24 1:42 a.m.•2 views

[SECURITY] Fedora 43 Update: python3.9-3.9.25-3.fc43

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

6.3CVSS7.3AI score0.00128EPSS

Exploits0

Fedora•added 2026/01/24 1:36 a.m.•3 views

[SECURITY] Fedora 42 Update: python3.9-3.9.25-3.fc42

6.3CVSS7.3AI score0.00128EPSS

Exploits0

RedhatCVE•added 2026/01/23 9:17 p.m.•2 views

CVE-2025-67944

Improper Control of Generation of Code 'Code Injection' vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through = 8.1.8...

9.1CVSS5.4AI score0.00085EPSS

Exploits0References1

OSV•added 2026/01/23 9:15 p.m.•1 views

CVE-2025-52024

9.4CVSS5.9AI score

Exploits0References2

HackRead•added 2026/01/23 3:53 p.m.•5 views

Halo Security Achieves SOC 2 Type II Compliance, Demonstrating Sustained Security Excellence Over Time

Halo Security, a leading provider of external attack surface management and penetration testing services, today announced it has…...

5.4AI score

Exploits0

ATTACKERKB•added 2026/01/23 12:0 a.m.•2 views

CVE-2025-52024

9.4CVSS6AI score0.00054EPSS

Exploits0References3

CNNVD•added 2026/01/23 12:0 a.m.•2 views

Aptsys Gemscms POS Platform security vulnerabilities

Aptsys Gemscms POS Platform is a catering management system developed by the Indian company Aptsys. There is a security vulnerability in the Aptsys Gemscms POS Platform, which stems from the internal API testing tools being exposed to unverified users. This vulnerability could allow unauthorized...

9.4CVSS5.9AI score0.00054EPSS

Exploits0References3

CVE•added 2026/01/23 12:0 a.m.•8 views

CVE-2025-52024

CVE-2025-52024 affects Aptsys POS Platform Web Services. Affected: Aptsys POS Platform Web Services version(s) prior to 2025-05-29. Root cause: unauthenticated access exposes internal API testing tooling and a directory-style index of backend services and POS web services, each with HTML forms fo...

9.4CVSS5.7AI score0.00054EPSS

Exploits0References2Affected Software1

OSSF Malicious Packages•added 2026/01/22 8:16 p.m.•4 views

Malicious code in urlsser (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c4f6d5a2656d3741fd7a1a4c50a9d3332a09874ef7c46713d0ad5e36478a063e This package does not directly contain malicious code, but was uploaded as part of the malicious campaign and is used as a helper in further infection stages...

5.6AI score

Exploits0References2

OSV•added 2026/01/22 8:16 p.m.•2 views

MAL-2026-468 Malicious code in urlsser (PyPI)

5.6AI score

Exploits0References2