CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1447 matches found

CNNVD•added 2025/10/07 12:0 a.m.•3 views

vLLM 安全漏洞

vLLM is a vLLM open source high throughput and memory efficient inference and service engine for LLM. A security vulnerability exists in versions prior to vLLM 0.11.0rc2, which stems from a timing attack vulnerability in the API key authentication method that could lead to authentication bypass...

7.5CVSS6.4AI score0.00538EPSS

Exploits1References4

EUVD•added 2025/10/07 12:0 a.m.•5 views

EUVD-2025-32895

Nagios Log Server before 2024R1.3.2 allows authenticated users with read-only API access to stop the Elasticsearch service via a /nagioslogserver/index.php/api/system/stop?subsystem=elasticsearch call. The service stops even though "message": "Could not stop elasticsearch" is in the API response...

8.5CVSS6.2AI score0.02672EPSS

Exploits1References2

CVE•added 2025/10/06 6:47 a.m.•7 views

CVE-2025-58578

The CVE-2025-58578 describes an API misuse where an authorized user can create an unlimited number of user accounts via a POST endpoint due to no quotas or validation. Public documents across Red Hat, NVD, CVE lists, and SICK-related advisories confirm the core issue (unbounded account creation) ...

4.3CVSS6.5AI score0.00292EPSS

Exploits0References6Affected Software1

Cvelist•added 2025/10/06 6:47 a.m.•4 views

CVE-2025-58578 Unlimited user creation by authorized users

A user with the appropriate authorization can create any number of user accounts via an API endpoint using a POST request. There are no quotas, checking mechanisms or restrictions to limit the creation...

3.8CVSS0.00292EPSS

Exploits0References6

EUVD•added 2025/10/06 6:47 a.m.•2 views

EUVD-2025-32501

3.8CVSS6.3AI score0.00292EPSS

Exploits0References7

Positive Technologies•added 2025/10/06 12:0 a.m.•6 views

PT-2025-40949

Name of the Vulnerable Software and Affected Versions YoSmart YoLink versions through 2025-10-02 Description The YoSmart YoLink API constructs an endpoint URL using a device's MAC address and an MD5 hash of non-secret information, including a key starting with cf50. The API endpoint is derived fr...

5.8CVSS6.4AI score0.00414EPSS

Exploits0References7

EUVD•added 2025/10/03 8:7 p.m.•22 views

EUVD-2025-24169

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.00184EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2024-54903

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00616EPSS

Exploits0References3