CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1594 matches found

EUVD•added 2025/11/18 10:39 p.m.•3 views

EUVD-2025-198098

Open Forms allows users create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular users, the form fields...

4.3CVSS6.3AI score0.00057EPSS

Exploits0References3

EUVD•added 2025/11/12 4:47 p.m.•1 views

EUVD-2025-148381

Malicious code in tealove-nameka5 npm...

6.6AI score

Exploits0

Tenable Nessus•added 2025/11/10 12:0 a.m.•3 views

Lucee Administration Panel Login Form Detected

Lucee Administration Panel has been detected on the target web application. This may present an attacker with an exploit vector which could be leveraged using other techniques, such as a Brute-Force or Dictionary Attack, allowing an attacker to gain access to administrative functionality. No sour...

7AI score

Exploits0

CNNVD•added 2025/11/04 12:0 a.m.•2 views

MediaTek Chipsets 安全漏洞

MediaTek Chipsets is a series of chips from China's MediaTek Corporation MediaTek. A security vulnerability exists in MediaTek Chipsets that stems from incorrect boundary checking, which could lead to out-of-bounds writes, and remote elevation of privilege if the user's device is connected to a...

7.5CVSS7AI score0.00381EPSS

Exploits0References1

Snyk•added 2025/10/29 3:31 p.m.•3 views

Cross-site Request Forgery (CSRF)

Overview org.jenkins-ci.plugins:windocks-start-container is an Allows users to create running containers based on Images available on the WinDocks host. WinDocks is a port of Docker’s open source to Windows, and supports all editions of Windows 8, Windows 10, Windows Server 2012, and Windows Serv...

6.9CVSS6.5AI score0.00019EPSS

Exploits0References2

CVE•added 2025/10/29 1:29 p.m.•54 views

CVE-2025-64150

The CVE-2025-64150 issue affects Jenkins Publish to Bitbucket Plugin 0.4 and earlier, where a missing permission check in an HTTP endpoint allows an attacker with Overall/Read permission to connect to an attacker‑specified URL using attacker‑specified credentials IDs. This can enable capture of c...

5.4CVSS6.2AI score0.00035EPSS

Exploits0References2Affected Software1

CVE•added 2025/10/27 5:29 p.m.•59 views

CVE-2025-55754

CVE-2025-55754 affects Apache Tomcat: improper neutralization of ANSI escape sequences in log messages could enable console/clipboard manipulation via crafted URLs. Affected: Tomcat 11.x (11.0.0-M1 to 11.0.10), 10.x (10.1.0-M1 to 10.1.44), 9.x (9.0.40 to 9.0.108), plus some EOL versions. Remediat...

9.6CVSS6.5AI score0.00135EPSS

Exploits0References3Affected Software1

Cvelist•added 2025/10/16 6:50 p.m.•14 views

CVE-2025-62427 Server-Side Request Forgery (SSRF) in Angular SSR

The Angular SSR is a server-rise rendering tool for Angular applications. The vulnerability is a Server-Side Request Forgery SSRF flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr before 19.2.18, 20.3.6, and 21.0.0-next.8. The function createRequestU...

8.7CVSS0.00068EPSS

Exploits1References2

Vulnrichment•added 2025/10/15 6:43 a.m.•2 views

CVE-2025-11161 WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vccustomheading shortcode in all versions up to, and including, 8.6.1. This is due to insufficient restriction of allowed HTML tags and improper sanitization of user-supplied attributes in the...

6.4CVSS4.6AI score0.00024EPSS

Exploits0References2

Positive Technologies•added 2025/10/14 12:0 a.m.•2 views

PT-2025-42014

Name of the Vulnerable Software and Affected Versions Microsoft Windows Hyper-V affected versions not specified Description A race condition exists in Windows Hyper-V during concurrent execution using shared resources with improper synchronization. This allows a locally authorized attacker to...

7.8CVSS8.9AI score0.0004EPSS

Exploits0References4

Positive Technologies•added 2025/10/14 12:0 a.m.•2 views

PT-2025-42118

Name of the Vulnerable Software and Affected Versions Microsoft Office Excel affected versions not specified Description An issue exists in Microsoft Office Excel where access of a resource using an incompatible type, referred to as a 'type confusion', can allow an unauthorized attacker to execut...

7.8CVSS6.7AI score0.00109EPSS

Exploits0References3

CNNVD•added 2025/10/14 12:0 a.m.•5 views

Microsoft Windows 资源管理错误漏洞

Microsoft Windows is a suite of operating systems used by Microsoft Corporation USA for personal devices. Microsoft Windows suffers from a Resource Management Error vulnerability that stems from an attacker's ability to elevate privileges by exploiting the vulnerability...

4.7CVSS9AI score0.00041EPSS

Exploits0References1

CNNVD•added 2025/10/14 12:0 a.m.•1 views

Adobe Illustrator 缓冲区错误漏洞

Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...

7.8CVSS7.3AI score0.00031EPSS

Exploits0References1

Ubuntu•added 2025/10/13 2:39 p.m.•3 views

USN-7818-1: Apache Subversion vulnerability

It was discovered that Apache Subversion incorrectly parsed control characters in filenames. An attacker could possibly use this issue to commit a corrupted revision to a repository, leading to a denial of service...

4.3CVSS5.5AI score0.05806EPSS

Exploits1

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2020-6850

Malware in sbrugna...

4.4CVSS6.5AI score0.00094EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-16795

Malware in sbrugna...

3.5CVSS4.6AI score0.00292EPSS

Exploits0References2