CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

17 matches found

CVE-2026-7183

A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rlspdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may be...

6.9CVSS5.4AI score0.00067EPSS

Exploits0References1

Patchstack•added 2026/05/13 1:17 p.m.•4 views

WordPress Redirection for Contact Form 7 plugin <= 3.2.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by JongHwan Shin in WordPress Plugin Redirection for Contact Form 7 versions = 3.2.8...

5.8AI score

Exploits0Affected Software1

Tenable Nessus•added 2026/05/11 12:0 a.m.•3 views

Unity Linux 20.1060e / 20.1070e Security Update: transfig (UTSA-2026-017536)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017536 advisory. An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function computeclosedspline located in transspline.c. It allows an attack...

5.5CVSS6.6AI score0.00108EPSS

Exploits1References4

Patchstack•added 2026/04/14 11:1 a.m.•2 views

WordPress LearnPress plugin <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin LearnPress versions = 4.3.2.8...

9.1CVSS5.8AI score0.00034EPSS

Exploits0References1Affected Software1

EUVD•added 2026/03/12 2:22 a.m.•4 views

EUVD-2026-11509

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catchlpajax dispatcher verifies a...

4.3CVSS5.9AI score0.00042EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-30471

Malicious code in bioql PyPI...

5.9CVSS6.6AI score0.00039EPSS

Exploits0References2

NVD•added 2025/09/09 8:15 p.m.•1 views

CVE-2025-55053

CWE-328: Use of Weak Hash...

6.5CVSS0.00042EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 3:50 a.m.•2 views

CVE-2023-32826

In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993544...

6.7CVSS7.1AI score0.00012EPSS

Exploits0References1

Circl•added 2025/05/01 6:15 p.m.•2 views

CVE-2025-32886

creationtimestamp| type| source ---|---|--- 2025-05-01 18:15:53+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/14357...

5.5CVSS4.8AI score0.00107EPSS

Exploits0References1

Vulnrichment•added 2025/04/16 5:38 p.m.•4 views

CVE-2025-32833

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockProjectUserRights' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...

8.8CVSS7.8AI score0.0004EPSS

Exploits0References1

OSV•added 2024/10/28 8:15 p.m.•1 views

CVE-2024-42930

PbootCMS 3.2.8 is vulnerable to URL Redirect...

6.1CVSS7AI score0.00186EPSS

Exploits0References2

Vulnrichment•added 2024/01/02 2:49 a.m.•2 views

CVE-2023-32878

In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08307992...

4.3AI score0.00008EPSS

Exploits0References1

Circl•added 2023/05/22 10:24 p.m.•1 views

CVE-2023-2839

creationtimestamp| type| source ---|---|--- 2023-05-22 22:24:52+00:00| seen| https://t.me/cibsecurity/64562...

7.5CVSS7.2AI score0.00241EPSS

Exploits1References1

OSV•added 2023/04/13 1:4 p.m.•7 views

SUSE-SU-2023:1837-1 Security update for apache2-mod_auth_openidc

This update for apache2-modauthopenidc fixes the following issues: - CVE-2022-23527: Fixed open redirect in oidcvalidateredirecturl using tab character bsc1206441. - CVE-2023-28625: Fixed NULL pointer dereference when OIDCStripCookies was set and a crafted Cookie header was supplied bsc1210073...

7.5CVSS6.6AI score0.00521EPSS

Exploits0References6

Circl•added 2022/12/01 12:36 a.m.•5 views

CVE-2022-3328

creationtimestamp| type| source ---|---|--- 2022-12-01 00:36:51+00:00| seen| https://t.me/ctinow/78566 2022-12-01 08:23:49+00:00| seen| https://t.me/crackcodes/1578 2022-12-01 23:28:44+00:00| published-proof-of-concept| Telegram/e7mpXn8-zCwJ1LtoziMjcjRzRmSH8ETqIOnXcFKQsQUk0R4 2022-12-02...

7.8CVSS7.3AI score0.00059EPSS

Exploits2References6

RedHat Linux•added 2014/04/14 1:46 p.m.•3 views

Framework: cross-site scripting flaw when using Spring MVC

Cross-site scripting XSS vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...

4.3CVSS7.5AI score0.0181EPSS

Exploits0References5

RedHat Linux•added 2013/01/10 8:39 p.m.•3 views

rubygem-actionpack: XSS Vulnerability in strip_tags

Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/sanitizehelper.rb in the striptags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup...

4.3CVSS7.3AI score0.00333EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by