CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

310 matches found

Vulnrichment•added 2025/10/14 12:0 a.m.•1 views

CVE-2025-57618

A path traversal vulnerability in FastX3 thru 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability, it is possible to access the application's configuration files, which contain the secret key used to sign JSON Web Tokens as well as...

7.8AI score0.00687EPSS

Exploits0References3

CNVD•added 2025/10/13 12:0 a.m.•4 views

WordPress Copypress Rest API plugin code execution vulnerability

WordPress Copypress Rest API plugin plugin is used to extend the functionality of WordPress plugin , by providing a RESTful interface to achieve data interaction . A code execution vulnerability exists in the WordPress Copypress Rest API plugin, which stems from the use of a hard-coded JWT signin...

9.8CVSS7.9AI score0.0078EPSS

Exploits2References1

SUSE CVE•added 2025/10/10 11:23 p.m.•2 views

SUSE CVE-2025-61152

python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims e.g., isadmin=true and bypass authentication checks, leading to privilege escalation or unauthoriz...

6.5CVSS7.1AI score0.00068EPSS

Exploits0References3

OSV•added 2025/10/10 2:15 p.m.•0 views

CVE-2025-61152

6.5CVSS5.9AI score0.00068EPSS

Exploits0References3

Vulnrichment•added 2025/10/10 12:0 a.m.•3 views

CVE-2025-61152

6.6AI score0.00068EPSS

Exploits0References3

CVE•added 2025/10/10 12:0 a.m.•15 views

CVE-2025-61152

The vulnerability CVE-2025-61152 affects python-jose up to version 3.3.0. It allows JWT tokens signed with alg=none to be decoded and accepted without cryptographic signature verification, enabling a forged token with arbitrary claims (e.g., is_admin=true) and bypassing authentication in applicat...

6.5CVSS6.6AI score0.00068EPSS

Exploits0References3