CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

GithubExploit•added 6 days ago•65 views

CVE-2026-BetterSQLCipher-RCE

CVE-2026-XXXXX: better-sqlcipher loadExtension Remote Code E...

5.9AI score

Positive Technologies•added 2026/05/12 12:0 a.m.•7 views

PT-2026-40438

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account. Recommendations At the moment, the...

7.1CVSS5.8AI score0.00009EPSS

Exploits0References7

Positive Technologies•added 2026/05/12 12:0 a.m.•8 views

PT-2026-40440

Name of the Vulnerable Software and Affected Versions cPanel & WHM affected versions not specified Description Improper sanitization of the status query parameter in the '/unprotected/nova error' endpoint allows an unauthenticated attacker to inject arbitrary HTTP headers into the response...

8.3CVSS5.9AI score0.0003EPSS

Exploits0References8

AlpineLinux•added 2026/05/01 2:45 p.m.•2 views

CVE-2026-43506

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by memory leaks from unauthenticated connections...

7.5CVSS5.8AI score0.00063EPSS

NVD•added 2026/04/22 5:16 p.m.•0 views

CVE-2026-6515

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...

5.4CVSS0.00015EPSS

NVD•added 2026/03/25 5:16 p.m.•4 views

CVE-2025-13436

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when handling certain CI-related inputs...

6.5CVSS0.00054EPSS

Exploits0References3

Debian CVE•added 2026/03/25 4:35 p.m.•2 views

CVE-2025-13078

Removed by vendor...

6.5CVSS5.8AI score0.00029EPSS

Tenable Nessus•added 2026/02/03 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2025-4097

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allow...

6.5CVSS5.4AI score0.00077EPSS

CNNVD•added 2026/01/13 12:0 a.m.•3 views

Microsoft Windows 后置链接漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. Microsoft Windows suffers from a backlink vulnerability. An attacker could exploit this vulnerability to gain elevated privileges. The following products and versions...

7.8CVSS5.8AI score0.00058EPSS

Cvelist•added 2025/10/27 12:5 a.m.•7 views

CVE-2025-10497 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending specially crafted payloads...

7.5CVSS0.00077EPSS

Exploits0References3

Cvelist•added 2025/10/23 3:37 a.m.•10 views

CVE-2025-35981

Exposure of Private Personal Information to an Unauthorized Actor CWE-359 in the Command Centre Server allows a privileged Operator to view limited personal data about a Cardholder they would not normally have permissions to view. This issue affects Command Centre Server: 9.30.1874 MR1, 9.20.2337...

5.5CVSS0.00017EPSS

NVD•added 2025/10/21 8:20 p.m.•2 views

CVE-2025-61764

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

5.3CVSS0.00035EPSS

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2019-12330

Malware in sbrugna...

7.8CVSS8.1AI score0.00139EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-4786

Malware in sbrugna...

9.3CVSS7.5AI score0.02948EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2019-7164

Malware in sbrugna...

10CVSS9.2AI score0.02559EPSS

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-7953

Malicious code in bioql PyPI...

7.1CVSS9AI score0.00083EPSS

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2022-25481

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00084EPSS

SUSE CVE•added 2025/09/19 11:22 p.m.•1 views

SUSE CVE-2025-58437

Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace...

8.1CVSS6.9AI score0.00078EPSS

Exploits1References2

OSV•added 2025/08/21 5:15 p.m.•2 views

CVE-2025-8402

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature...

4.9CVSS6.9AI score