CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

134 matches found

Vulnrichment•added 2026/05/27 2:54 a.m.•3 views

CVE-2026-2253 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Restriction of XML External Entity Reference

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities...

7.7CVSS5.8AI score0.00032EPSS

Exploits0References1

Fedora•added 2026/05/13 9:27 p.m.•6 views

[SECURITY] Fedora 42 Update: nano-8.3-4.fc42

GNU nano is a small and friendly text editor...

5.5CVSS5.8AI score0.00019EPSS

Exploits0

OSV•added 2026/05/12 8:56 a.m.•3 views

BIT-PHP-MIN-2026-7258 Out-of-bounds read in urldecode() on NetBSD

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...

7.5CVSS5.8AI score0.00023EPSS

Exploits0References2

OSV•added 2026/05/12 8:56 a.m.•6 views

BIT-PHP-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing <value>

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer,...

7.5CVSS5.8AI score0.00134EPSS

Exploits0References2

UbuntuCve•added 2026/05/10 5:16 a.m.•4 views

CVE-2026-6735

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

8.8CVSS6AI score0.00046EPSS

Exploits1References2

Vulnrichment•added 2026/05/10 4:28 a.m.•4 views

CVE-2026-7258 Out-of-bounds read in urldecode() on NetBSD

6.3CVSS5.8AI score0.00023EPSS

Exploits0References1

Tenable Nessus•added 2026/02/06 12:0 a.m.•3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005265)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005265 advisory. In PHP versions:8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1, a heap buffer overflow occurs in arraymerge when t...

8.2CVSS5.8AI score0.00019EPSS

Exploits1References3

OSV•added 2026/01/28 10:13 a.m.•3 views

RHSA-2026:1429 Red Hat Security Advisory: php:8.3 security update

Bulletin has no description...

7.5CVSS5.8AI score0.00047EPSS

Exploits4References18

RedhatCVE•added 2026/01/09 12:15 p.m.•6 views

CVE-2018-1000653

zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in could be attacked by sql injection in zzcms in nginx. This attack appear to be exploitable via running zzcms in nginx...

9.8CVSS8.2AI score0.0025EPSS

Exploits1References1

OSV•added 2025/12/27 8:15 p.m.•1 views

AZL-73198 CVE-2025-14178 affecting package php for versions less than 8.3.29-1

In PHP versions:8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1, a heap buffer overflow occurs in arraymerge when the total element count of packed arrays exceeds 32-bit limits or HTMAXSIZE, due to an integer overflow in the precomputation of...

8.2CVSS6.1AI score0.00019EPSS

Exploits1References1

Cvelist•added 2025/12/16 8:12 a.m.•27 views

CVE-2025-67983 WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 8.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in osama.esh WP Visitor Statistics Real Time Traffic wp-stats-manager allows DOM-Based XSS.This issue affects WP Visitor Statistics Real Time Traffic: from n/a through = 8.3...

6.5CVSS0.00029EPSS

Exploits0References1

Vulnrichment•added 2025/12/15 10:50 p.m.•2 views

CVE-2025-9122 Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information

Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to versions 10.2.0.4, including 9.3.0.x and 8.3.x display the full server stack trace when encountering an error within the GetCdfResource servlet...

5.3CVSS6.5AI score0.00037EPSS

Exploits0References1

CVE•added 2025/12/15 10:50 p.m.•5 views

CVE-2025-9122

Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework exposes the full server stack trace when errors occur in the GetCdfResource servlet. Affected versions include before 10.2.0.4, specifically 9.3.0.x and 8.3.x. Impact is information disclosure of internal stack d...

5.3CVSS6.5AI score0.00037EPSS

Exploits0References1

Vulnrichment•added 2025/11/25 2:26 a.m.•7 views

CVE-2025-6389 Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback

The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeitarticlespaginationcallback function. This is due to the function accepting user input and then passing that through calluserfunc. This makes it possible for...

9.8CVSS6.7AI score0.01178EPSS

Exploits3References2