CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1094 matches found

Vue Vben Admin - Default Credentials

Vue Vben Admin 2.10.1 contains a broken authentication caused by hardcoded credentials in the backend, letting attackers log in without proper authorization, exploit requires access to the login interface. id: CVE-2025-25570 info: name: Vue Vben Admin - Default Credentials author: 0xAkoko severit...

9.8CVSS8AI score0.20574EPSS

Exploits0References2

RedhatCVE•added 2 days ago•4 views

CVE-2026-44589

Nuxt OG Image generates OG Images with Vue templates in Nuxt. The isBlockedUrl denylist introduced in [email protected] to remediate GHSA-pqhr-mp3f-hrpp Dmitry Prokhorov / Positive Technologies, March 2026 is incomplete. It has an incomplete IPv6 prefix list and is missing redirect re-validatio...

3.7CVSS5.4AI score0.00037EPSS

Exploits0References1

RedhatCVE•added 2 days ago•4 views

CVE-2026-7710

A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote...

7.5CVSS6.8AI score0.00105EPSS

Exploits0References1

RedhatCVE•added 2 days ago•4 views

CVE-2026-44245

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 2.5.2, Vue 3's v-html directive is the framework-documented mechanism for injecting raw HTML, and it intentionally disables the auto-escaping that interpolation provides. The PropertyCard.vue component uses...

6.1CVSS5.6AI score0.00031EPSS

Exploits1References1

RedhatCVE•added 2 days ago•4 views

CVE-2026-43900

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting XSS vulnerability exists due to a discrepancy between the backend validation layer and the frontend browser rendering engine. The SVGSanitizer...

9.3CVSS5.8AI score0.00044EPSS

Exploits0References1

OSV•added 6 days ago•3 views

MAL-2026-5165 Malicious code in @emcd-vue/loans (npm)

Part of a coordinated multi-package supply-chain attack impersonating EMCD emcd.io, a legitimate Russian cryptocurrency exchange and mining pool. The attacker registered the @emcd-vue npm scope to distribute multiple malicious packages posing as internal tooling. This package was published 90...

5.8AI score

Exploits0References1

OSV•added 6 days ago•2 views

MAL-2026-5164 Malicious code in @emcd-vue/b2b-pay-form (npm)

5.8AI score

Exploits0References1

EUVD•added last week•11 views

EUVD-2026-33493

A weakness has been identified in Orthanc Explorer 2 up to 1.12.0. The impacted element is an unknown function of the file WebApplication/src/components/StudyList.vue of the component URL Handler. This manipulation of the argument remote-source causes cross site scripting. It is possible to...

5.3CVSS4.2AI score0.00039EPSS

Exploits0References6

Vulnrichment•added last week•5 views

CVE-2026-10173 Orthanc Explorer 2 URL StudyList.vue cross site scripting

5.3CVSS4.2AI score0.00039EPSS

Exploits0References6

Positive Technologies•added 2026/05/31 12:0 a.m.•9 views

PT-2026-45177

5.3CVSS4.2AI score0.00039EPSS

Exploits0References7

CNNVD•added 2026/05/31 12:0 a.m.•5 views

Orthanc Explorer 2 代码注入漏洞

Orthanc Explorer 2 is a user interface plugin for the Orthanc Server’s open-source medical imaging management system. Versions of Orthanc Explorer 2 prior to 1.12.0 contained a code injection vulnerability. This vulnerability stemmed from the param operation in the File...

5.3CVSS5.7AI score0.00039EPSS

Exploits0References6

Github Security Blog•added 2026/05/29 5:15 p.m.•8 views

Nuxt's route middleware is not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`

Summary When experimental.componentIslands is enabled default in Nuxt 4, any .server.vue file under pages/ is automatically registered as a server island under the key page and exposed via the /nuxtisland/:name endpoint. Until this fix, requests through that endpoint rendered the page component...

5.9AI score

Exploits0References4Affected Software2

RedhatCVE•added 2026/05/26 8:14 p.m.•9 views

CVE-2026-9374

A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The...

6.5CVSS6.3AI score0.00035EPSS

Exploits0References1

OSSF Malicious Packages•added 2026/05/25 3:12 p.m.•10 views

Malicious code in vue-compiler-sfc-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c320320435358c109567ef3776ced079a2196b831b583b66c87323ddf402bae9 Package name and README impersonate the official @vue/compiler-sfc package; index.js merely re-exports it. The npm postinstall hook runs...

6.1AI score

Exploits0References2

OSV•added 2026/05/25 3:12 p.m.•5 views

MAL-2026-4707 Malicious code in vue-compiler-sfc-plugin (npm)

6.1AI score

Exploits0References2