CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1078 matches found

Cvelist•added 2025/10/20 7:55 p.m.•5 views

CVE-2025-8053 Insufficient access control vulnerability has been discovered in Opentext Flipper.

Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges. This issue affects Flipper: 3.1....

1CVSS0.00045EPSS

Exploits0References1

OSV•added 2025/10/17 9:15 p.m.•2 views

CVE-2025-62647

The Restaurant Brands International RBI assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path...

5.8CVSS5.8AI score

Exploits0References5

Cvelist•added 2025/10/17 2:17 a.m.•6 views

CVE-2025-6893

An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in broken access control has been identified in the /api/v1/setting/data endpoint of the affected device. This flaw allows a low-privileged authenticated user to ca...

9.3CVSS0.00122EPSS

Exploits0References1

OSV•added 2025/10/16 6:15 p.m.•3 views

DEBIAN-CVE-2025-61908

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a...

6.5CVSS5.3AI score0.00067EPSS

Exploits0References1

OSV•added 2025/10/16 6:15 p.m.•1 views

UBUNTU-CVE-2025-61908

7.1CVSS5.8AI score0.00067EPSS

Exploits0References9

CVE•added 2025/10/16 5:11 p.m.•15 views

CVE-2025-61907

CVE-2025-61907 affects Icinga 2. Versions 2.4–2.15.0 allow authenticated API users to exploit filter expressions on /v1/objects endpoints to access variables and objects that should be restricted by permissions. The root cause is improper exposure of hidden data through filter evaluation, enablin...

7.1CVSS5.9AI score0.00043EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2025/10/13 5:29 a.m.•3 views

CVE-2025-62292

In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts...

4.3CVSS6.7AI score0.00038EPSS

Exploits0References1

EUVD•added 2025/10/09 6:30 p.m.•3 views

EUVD-2025-33367

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the API Access Profiles page that, when visited by another user, enables the attacker to execute commands with the target...

6.1CVSS6.5AI score0.00035EPSS

Exploits0References2

OSV•added 2025/10/09 5:16 p.m.•2 views

CVE-2025-59999

5.1CVSS6AI score0.00035EPSS

Exploits0References1

CVE•added 2025/10/09 4:16 p.m.•13 views

CVE-2025-59999

CVE-2025-59999 affects Juniper Networks Junos Space; the issue is an Improper Neutralization of Input During Web Page Generation (XSS) that allows an attacker to inject script tags into the API Access Profiles page. When other users visit the page, the attacker may execute commands with the targe...

6.1CVSS6.5AI score0.00035EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/10/09 4:16 p.m.•1 views

CVE-2025-59999 Junos Space: API Access Profiles page is vulnerable to reflected cross-site script injection

6.1CVSS6.5AI score0.00035EPSS

Exploits0References1

Positive Technologies•added 2025/10/09 12:0 a.m.•3 views

PT-2025-41435

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos Space versions prior to 24.1R4 Description An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' issue exists in Juniper Networks Junos Space. This allows an attacker to inject script tags...

6.1CVSS6.9AI score0.00035EPSS

Exploits0References4

RedhatCVE•added 2025/10/08 6:18 p.m.•6 views

CVE-2025-27236

A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to...

6.5CVSS6.8AI score0.00046EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-2493

Malware in sbrugna...

7.5CVSS7.4AI score0.0078EPSS

Exploits0References12

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2015-4423

Malware in sbrugna...

4.6CVSS4.9AI score0.0015EPSS

Exploits0References4