EUVD-2026-22092
A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier; UniFi Play Audio Port Version 1.0.24 and earlier. Mitigation: Update UniFi Play...
PT-2026-28420
Name of the Vulnerable Software and Affected Versions: Mattermost Plugins versions 10.11.11.0 and 11.4 Description: Mattermost plugins do not properly validate timestamps in webhook requests. This allows an attacker to repeatedly send webhook requests, potentially corrupting the state of Zoom...
Huawei EulerOS: Security Advisory for libwebsockets (EulerOS-SA-2026-1613)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
PT-2026-6921
Name of the Vulnerable Software and Affected Versions: Mapnik versions prior to 4.2.1 Description: A flaw exists in Mapnik that relates to a divide by zero error within the mapnik::detail::mod::operator function located in the src/value.cpp file. This issue can be triggered locally. The details of...
PT-2026-6070
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 144.0.7559.132 Description: A type confusion issue exists in the V8 engine within Google Chrome. This can lead to heap corruption when processing specially crafted HTML pages. A proof-of-concept (PoC) has been...
USN-7927-2 python-urllib3 regression
USN-7927-1 fixed vulnerabilities in urllib3. The update for CVE-2025-66471 introduced a regression in the zstd decompression component inside urllib3. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Illia Volochii discovered that urllib3 did not limit...
PT-2026-2170
Name of the Vulnerable Software and Affected Versions: GestSup versions up to and including 3.2.56 Description: GestSup versions up to and including 3.2.56 have multiple SQL injection flaws in the asset list functionality. Request parameters used to filter, search, or sort assets are included in SQ...
Mozilla Firefox Security Update (mfsa_2025-87) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Huawei EulerOS: Security Advisory for icu (EulerOS-SA-2025-2329)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Intel® Killer™ Software Advisory
Summary: A potential security vulnerability for some Intel® Killer™ Software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-24491 Description: Uncontrolled search path for some Intel® Killer™...
PT-2025-44403
Name of the Vulnerable Software and Affected Versions: Dell Unity versions 5.4 and prior Description: Dell Unity versions 5.4 and prior contain an Improper Neutralization of Special Elements used in an OS Command vulnerability, also known as an OS Command Injection issue. A low privileged attacker...
PT-2025-44319
Name of the Vulnerable Software and Affected Versions: WatchGuard Mobile VPN with SSL client versions prior to 12.11.3 Description: A local privilege escalation issue exists in the WatchGuard Mobile VPN with SSL client on Windows. A local user can execute arbitrary commands with elevated privileges...
PT-2025-34921 · Rtcamp · Rtcamp Transcoder
Name of the Vulnerable Software and Affected Versions: rtCamp Transcoder versions through 1.4.0 Description: rtCamp Transcoder is susceptible to a Stored Cross-Site Scripting (XSS) issue due to improper neutralization of input during web page generation. Recommendations: Update rtCamp Transcoder to...
PT-2025-33243 · Unknown · Stylemix Motors
Name of the Vulnerable Software and Affected Versions: Stylemix Motors versions n/a through 1.4.80 Description: A flaw exists in Stylemix Motors related to incorrectly configured access control security levels, allowing for authorization bypass through a user-controlled key. Recommendations: Upda...
PT-2025-30899 · Unknown · Simplehelp
Name of the Vulnerable Software and Affected Versions: Simplehelp versions prior to 5.5.11 Description: The software contains a Cross-Site Request Forgery (CSRF) flaw. Recommendations: Update Simplehelp to version 5.5.11 or later...
PT-2025-30532 · Samsung · Magicinfo 9 Server
Name of the Vulnerable Software and Affected Versions: MagicINFO 9 Server versions prior to 21.1080.0 Description: A flaw exists in Samsung Electronics MagicINFO 9 Server that allows code injection through the unrestricted upload of files with dangerous types. Recommendations: Update MagicINFO 9...
PT-2025-29777 · Nootheme · Nootheme Yogi
Name of the Vulnerable Software and Affected Versions: NooTheme Yogi versions through 2.9.0 Description: The software contains a deserialization of untrusted data flaw that allows for object injection. Recommendations: Update NooTheme Yogi to a version later than 2.9.0...
PT-2025-28015 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: Mediawiki - IPInfo Extension versions 1.39.X through 1.39.12 Mediawiki - IPInfo Extension versions 1.42.X through 1.42.6 Mediawiki - IPInfo Extension versions 1.43.X through 1.43.1 Description: The issue affects the Mediawiki - IPInfo...
PT-2025-27076 · WordPress · Samex - Clean
Name of the Vulnerable Software and Affected Versions: Samex - Clean, Minimal Shop WooCommerce WordPress Theme versions n/a through 2.6 Description: The issue affects the Samex - Clean, Minimal Shop WooCommerce WordPress Theme, allowing for PHP Local File Inclusion due to improper control of...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2025-1651)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...