
16 matches found

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2019-13597

Malware in sbrugna...

CVSS 4.3 · AI score 4.7 · EPSS 0.01037
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:07 p.m. · 10 views

EUVD-2025-22019

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.00626
Exploits: 0 · References: 3
Positive Technologies
added 2025/07/08 12:00 a.m. · 0 views

PT-2025-28306 · Unknown · Hitsz-Ids Airda

Name of the Vulnerable Software and Affected Versions: hitzs-ids airda version 0.0.3 Description: A critical vulnerability exists in the execute function of the /v1/chat/completions file. Manipulation of the question argument results in SQL injection. The attack can be initiated remotely. The...

CVSS 6.5 · AI score 6.8 · EPSS 0.00248
Exploits: 0 · References: 8
Vulnrichment
added 2025/07/02 2:45 p.m. · 3 views

CVE-2025-53108 HomeBox Missing User Authorization

HomeBox is a home inventory and organization system. Prior to 0.20.1, HomeBox contains a missing authorization check in the API endpoints responsible for updating and deleting inventory item attachments. This flaw allows authenticated users to perform unauthorized actions on inventory item...

CVSS 5.3 · AI score 6.8 · EPSS 0.00258
Exploits: 0 · References: 2
Positive Technologies
added 2025/06/27 12:00 a.m. · 1 views

PT-2025-27148 · Lychee · Lychee

Name of the Vulnerable Software and Affected Versions: Lychee versions prior to 6.6.13 Description: A critical Server-Side Request Forgery (SSRF) issue exists in the "/api/v2/Photo::fromUrl" endpoint, allowing an attacker to instruct the application's backend to make HTTP requests to any URL they...

CVSS 3 · AI score 7.1 · EPSS 0.00168
Exploits: 0 · References: 6
NVD
added 2025/06/04 3:15 a.m. · 24 views

CVE-2025-5552

A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been...

CVSS 8.8 · EPSS 0.00399
Exploits: 1 · References: 4
Redos
added 2025/04/17 12:00 a.m. · 11 views

ROS-20250417-02

Vulnerability of /settings/store API endpoint of pgAdmin database management tool is related to failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker, acting remotely, to perform a cross-site scripted attack Server mode...

CVSS 8.8 · AI score 7.7 · EPSS 0.80069
Exploits: 1
RedhatCVE
added 2025/04/05 12:24 a.m. · 14 views

CVE-2024-47212

An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt...

CVSS 7.5 · AI score 7.1 · EPSS 0.00335
Exploits: 0 · References: 1
OSV
added 2025/04/03 9:15 p.m. · 9 views

CVE-2024-47212

An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt...

CVSS 7.5 · AI score 6.6
Exploits: 0 · References: 1
RedhatCVE
added 2025/04/03 3:32 p.m. · 7 views

CVE-2025-31132

Raven is an open-source messaging platform. A vulnerability allowed any logged in user to execute code via an API endpoint. This vulnerability is fixed in 2.1.10...

CVSS 8.1 · AI score 7.5 · EPSS 0.00527
Exploits: 0 · References: 1
RedhatCVE
added 2025/03/22 11:30 a.m. · 7 views

CVE-2024-8438

A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint /api/file does not properly sanitize the path parameter, allowing an attacker to read arbitrary files on the server...

CVSS 7.5 · AI score 6.8 · EPSS 0.00713
Exploits: 1 · References: 1
Positive Technologies
added 2025/01/06 12:00 a.m. · 3 views

PT-2025-3338 · Unknown · Chestnutcms

Name of the Vulnerable Software and Affected Versions: ChestnutCMS versions prior to 1.5.0 Description: The issue concerns a file upload vulnerability where the /api/member/avatar API endpoint receives a base64 string as input, which is then processed by the memberService.uploadAvatarByBase64...

CVSS 9.8 · AI score 6.4 · EPSS 0.0085
Exploits: 1 · References: 9
Positive Technologies
added 2024/02/01 12:00 a.m. · 3 views

PT-2024-4534 · Unknown · Zenml Server

Name of the Vulnerable Software and Affected Versions: ZenML Server versions prior to 0.46.7 ZenML Server versions 0.44.4, 0.43.1, and 0.42.2 are patched and not vulnerable, so the actual vulnerable range is any version before 0.46.7, excluding the mentioned patched versions. However, since 0.44....

CVSS 8.8 · AI score 8.7 · EPSS 0.70581
Exploits: 1 · References: 18
Positive Technologies
added 2023/03/22 12:00 a.m. · 2 views

PT-2023-17078 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue allows an attacker to learn the full name of a board owner due to Mattermost failing to check the "Show Full Name" setting when rendering the result for the...

CVSS 4.3 · AI score 4.4 · EPSS 0.00464
Exploits: 0 · References: 5
Positive Technologies
added 2022/08/30 12:00 a.m. · 4 views

PT-2022-4568 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.10 through 15.1.6 GitLab CE/EE versions 15.2 through 15.2.4 GitLab CE/EE versions 15.3 through 15.3.2 Description: A vulnerability in GitLab CE/EE allows an authenticated user to achieve remote code execution via the...

CVSS 10 · AI score 9.4 · EPSS 0.86194
Exploits: 5 · References: 25
Positive Technologies
added 2022/08/25 12:00 a.m. · 4 views

PT-2022-16224 · Ece · Ece

Name of the Vulnerable Software and Affected Versions: ECE versions prior to 3.4.0 Description: A flaw in ECE might lead to the disclosure of sensitive information, such as user passwords and Elasticsearch keystore settings values, in logs like the audit log or deployment logs in the Logging and...

CVSS 6.5 · AI score 6.3 · EPSS 0.0065
Exploits: 0 · References: 3