3509 matches found
GHSA-FV2R-R8MP-PG48 Soft Serve does not sanitize ANSI escape sequences in user input
Impact: In several places where the user can insert data (e.g. names), ANSI escape sequences are not removed, which can then be used, for example, to show fake alerts. By the same token, git messages are also not sanitized when printed. Places in which this was found: 1. Repository...
CVE-2025-12677
The KiotViet Sync plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.5 via the register_api_route function in kiotvietsync/includes/public_actions/WebHookAction.php. This makes it possible for unauthenticated attackers to extract the webhoo...
CVE-2025-12677 KiotViet Sync <= 1.8.5 - Unauthenticated Webhook Key Exposure
The KiotViet Sync plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.5 via the register_api_route function in kiotvietsync/includes/public_actions/WebHookAction.php. This makes it possible for unauthenticated attackers to extract the webhoo...
CVE-2025-12677
The KiotViet Sync WordPress plugin (versions up to and including 1.8.5) is vulnerable to Sensitive Information Exposure through register_api_route() in kiotvietsync/includes/public_actions/WebHookAction.php. Unauthenticated attackers can extract the webhook token value when configured. Public rep...
PT-2025-45095
Name of the Vulnerable Software and Affected Versions: KiotViet Sync plugin for WordPress versions up to and including 1.8.5. Description: The KiotViet Sync plugin for WordPress is susceptible to exposure of sensitive information. Specifically, unauthenticated attackers can extract the webhook token...
WordPress plugin KiotViet Sync information disclosure vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin KiotViet Sync, which ste...
CVE-2025-58189 vulnerabilities
Vulnerabilities for packages: chisel, jitsucom-bulker, checksec, cert-manager, gostatsd, kube-vip-cloud-provider, incert, kube-rbac-proxy, licenseclassifier, mockery, prometheus-alertmanager, redka, mkcert, redpanda, speedtest-go, telegraf, wazero, k6, kwok, falcoctl, stakater-reloader,...
GHSA-447V-2QG4-H8HC vulnerabilities
Vulnerabilities for packages: chisel, jitsucom-bulker, checksec, cert-manager, gostatsd, kube-vip-cloud-provider, incert, kube-rbac-proxy, licenseclassifier, mockery, prometheus-alertmanager, redka, mkcert, redpanda, speedtest-go, telegraf, wazero, k6, kwok, falcoctl, stakater-reloader,...
CVE-2025-61724 vulnerabilities
Vulnerabilities for packages: chisel, jitsucom-bulker, checksec, cert-manager, gostatsd, kube-vip-cloud-provider, incert, kube-rbac-proxy, licenseclassifier, mockery, prometheus-alertmanager, redka, mkcert, redpanda, speedtest-go, telegraf, wazero, k6, kwok, falcoctl, stakater-reloader,...
GHSA-RJCG-56PH-3QVG vulnerabilities
Vulnerabilities for packages: chisel, jitsucom-bulker, checksec, cert-manager, gostatsd, kube-vip-cloud-provider, incert, kube-rbac-proxy, licenseclassifier, mockery, prometheus-alertmanager, redka, mkcert, redpanda, speedtest-go, telegraf, wazero, k6, kwok, falcoctl, stakater-reloader,...
CVE-2025-61725 vulnerabilities
Vulnerabilities for packages: chisel, jitsucom-bulker, checksec, cert-manager, gostatsd, kube-vip-cloud-provider, incert, kube-rbac-proxy, licenseclassifier, mockery, prometheus-alertmanager, redka, mkcert, redpanda, speedtest-go, telegraf, wazero, k6, kwok, falcoctl, stakater-reloader,...
GHSA-CXQ7-XW9V-RCV3 vulnerabilities
Vulnerabilities for packages: chisel, jitsucom-bulker, checksec, cert-manager, gostatsd, kube-vip-cloud-provider, incert, kube-rbac-proxy, licenseclassifier, mockery, prometheus-alertmanager, redka, mkcert, redpanda, speedtest-go, telegraf, wazero, k6, kwok, falcoctl, stakater-reloader,...
GHSA-JWMF-CHVC-RF92 vulnerabilities
Vulnerabilities for packages: chisel, jitsucom-bulker, checksec, cert-manager, gostatsd, kube-vip-cloud-provider, incert, kube-rbac-proxy, licenseclassifier, mockery, prometheus-alertmanager, redka, mkcert, redpanda, speedtest-go, telegraf, wazero, k6, kwok, falcoctl, stakater-reloader,...
GHSA-QH38-484V-W52X vulnerabilities
Vulnerabilities for packages: chisel, jitsucom-bulker, checksec, cert-manager, gostatsd, kube-vip-cloud-provider, incert, kube-rbac-proxy, licenseclassifier, mockery, prometheus-alertmanager, redka, mkcert, redpanda, speedtest-go, telegraf, wazero, k6, kwok, falcoctl, stakater-reloader,...
CVE-2025-47912 vulnerabilities
Vulnerabilities for packages: chisel, jitsucom-bulker, checksec, cert-manager, gostatsd, kube-vip-cloud-provider, incert, kube-rbac-proxy, licenseclassifier, mockery, prometheus-alertmanager, redka, mkcert, redpanda, speedtest-go, telegraf, wazero, k6, kwok, falcoctl, stakater-reloader,...
CVE-2025-61723 vulnerabilities
Vulnerabilities for packages: chisel, jitsucom-bulker, checksec, cert-manager, gostatsd, kube-vip-cloud-provider, incert, kube-rbac-proxy, licenseclassifier, mockery, prometheus-alertmanager, redka, mkcert, redpanda, speedtest-go, telegraf, wazero, k6, kwok, falcoctl, stakater-reloader,...
GHSA-WCW9-47FP-RRFR vulnerabilities
Vulnerabilities for packages: chisel, jitsucom-bulker, checksec, cert-manager, gostatsd, kube-vip-cloud-provider, incert, kube-rbac-proxy, licenseclassifier, mockery, prometheus-alertmanager, redka, mkcert, redpanda, speedtest-go, telegraf, wazero, k6, kwok, falcoctl, stakater-reloader,...
CVE-2025-58186 vulnerabilities
Vulnerabilities for packages: chisel, jitsucom-bulker, checksec, cert-manager, gostatsd, kube-vip-cloud-provider, incert, kube-rbac-proxy, licenseclassifier, mockery, prometheus-alertmanager, redka, mkcert, redpanda, speedtest-go, telegraf, wazero, k6, kwok, falcoctl, stakater-reloader,...