CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

4.9CVSS5.8AI score

Exploits0References1

RedhatCVE•added 2025/10/01 5:26 a.m.•11 views

CVE-2025-6815

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘servicename’ parameter in all versions up to, and including, 5.1.94 due to insufficient input sanitization and output escaping. This makes it possible for...

5.5CVSS5AI score0.00234EPSS

Exploits0References1

NVD•added 2025/09/30 11:37 a.m.•3 views

CVE-2025-6815

5.5CVSS0.00234EPSS

Exploits0References3

Cisco•added 2025/09/24 4:0 p.m.•14 views

Cisco IOS XE Software HTTP API Command Injection Vulnerability

A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system. This vulnerability is due to insufficient input validation. An attacker with administrative privileges...

8.8CVSS7.6AI score0.00468EPSS

Exploits0References1

RedhatCVE•added 2025/09/24 12:28 a.m.•11 views

CVE-2025-57203

MagicProject AI version 9.1 is affected by a Cross-Site Scripting XSS vulnerability within the chatbot generation feature available to authenticated admin users. The vulnerability resides in the prompt parameter submitted to the /dashboard/user/generator/generate-stream endpoint via a...

4.8CVSS6.2AI score0.00221EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by