CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

108 matches found

UbuntuCve•added 2026/02/20 11:16 p.m.•3 views

CVE-2026-2044

GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...

7.8CVSS7.3AI score0.00045EPSS

Exploits0References5

CVE•added 2026/02/20 10:11 p.m.•21 views

CVE-2026-0777

The CVE-2026-0777 entry is linked to a concrete vulnerability in Xmind related to attachment handling. The ZDI advisory describes a remote code execution vulnerability in affected Xmind installations that can be exploited when a user opens a malicious attachment or visits a page delivering a craf...

7.8CVSS6.4AI score0.00045EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:46 a.m.•2 views

CVE-2025-14835

The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 9.1.05.008 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS5.6AI score0.00138EPSS

Exploits0References1

Positive Technologies•added 2026/01/07 12:0 a.m.•3 views

PT-2026-1560

Name of the Vulnerable Software and Affected Versions WP Photo Album Plus plugin for WordPress versions up to and including 9.1.05.008 Description The WP Photo Album Plus plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the shortcode parameter. Insufficient input...

7.1CVSS5.8AI score0.00138EPSS

Exploits0References10

OSV•added 2025/12/31 7:15 a.m.•0 views

CVE-2025-15270

FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit ...

8.8CVSS7.7AI score

Exploits0References1

OSV•added 2025/12/23 10:15 p.m.•1 views

CVE-2025-14422

GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

7.8CVSS7.7AI score

Exploits0References2

OSV•added 2025/12/23 10:15 p.m.•1 views

CVE-2025-14403

PDFsam Enhanced Launch Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicio...

7.8CVSS6.3AI score0.00052EPSS

Exploits0References1

Cvelist•added 2025/12/23 9:41 p.m.•21 views

CVE-2025-12839 Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this...

7.8CVSS0.00045EPSS

Exploits0References1

CVE•added 2025/12/23 9:24 p.m.•8 views

CVE-2025-14413

Summary: CVE-2025-14413 affects Soda PDF Desktop. The issue is in CBZ file parsing where a lack of validation of a user-supplied path before file operations enables a directory traversal vulnerability that can lead to remote code execution in the context of the current user. This requires user in...

7.8CVSS7.8AI score0.00272EPSS

Exploits0References1Affected Software1

NVD•added 2025/12/23 9:15 p.m.•1 views

CVE-2025-14934

NSF Unidata NetCDF-C Variable Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target...

7.8CVSS0.00027EPSS

Exploits0References1

RedhatCVE•added 2025/11/12 6:1 p.m.•5 views

CVE-2025-61829

Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS7.7AI score0.00027EPSS

Exploits0References1

Tenable Nessus•added 2025/10/29 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2025-10934

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on...

7.8CVSS7.6AI score0.00076EPSS

Exploits0References2

Vulnrichment•added 2025/10/14 9:18 p.m.•2 views

CVE-2025-61796 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 11.6 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse...

5.4CVSS5AI score0.00026EPSS

Exploits0References1