CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

57 matches found

EUVD•added 2026/05/01 11:18 a.m.•1 views

EUVD-2026-26497

The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'addpluginspage' and 'addthemespage' functions. This makes it possible for unauthenticated attackers to overwrite arbitrar...

8.8CVSS5.9AI score0.00026EPSS

Exploits0References4

CNNVD•added 2026/04/24 12:0 a.m.•5 views

skim 代码注入漏洞

Skim is a fuzzy search and rapid file location tool developed by skim-rs. Skim has a code injection vulnerability, which stems from the generate-files task in pr.yml checking and executing forked code controlled by the attacker, potentially leading to key leakage. The following versions are...

7.4CVSS5.9AI score0.00044EPSS

Exploits1References2

ATTACKERKB•added 2026/04/15 10:49 p.m.•1 views

CVE-2026-40316

OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pullrequesttarget trigger to run wit...

8.8CVSS6.3AI score0.00092EPSS

Exploits1References2Affected Software1

Veracode•added 2026/02/28 5:2 a.m.•5 views

Remote Code Execution (RCE)

mchange-commons-java is vulnerable to Remote Code Execution RCE. The vulnerability is due to its independent JNDI dereferencing implementation allowing remote factoryClassLocation values, which can cause the application to download and execute attacker-controlled code when processing a malicious...

9.8CVSS6.1AI score0.00151EPSS

Exploits1References6Affected Software1

CNNVD•added 2026/01/10 12:0 a.m.•1 views

Fickling 代码问题漏洞

Fickling is an open source decompiler and static analyzer for Python by Trail of Bits. A code issue vulnerability exists in Fickling version 0.1.6 and earlier, which stems from failing to mark the runpy module as unsafe, which could lead to the execution of attacker-controlled code...

9.3CVSS6.8AI score0.00089EPSS

Exploits1References3

NVD•added 2025/12/10 4:16 p.m.•3 views

CVE-2025-34422

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPC.DLL from its installation directory without sufficient integrity validation or a secure search order. A...

8.5CVSS0.00007EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-25349

Malware in sbrugna...

7.2CVSS6.6AI score0.00051EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2023-2452

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00736EPSS

Exploits1References7

RedhatCVE•added 2025/05/22 8:37 p.m.•2 views

CVE-2021-35297

Scalabium dBase Viewer version 2.6 Build 5.751 is vulnerable to remote code execution via a crafted DBF file that triggers a buffer overflow. An attacker can use the Structured Exception Handler SEH records and redirect execution to attacker-controlled code...

7.8CVSS7.9AI score0.01112EPSS

Exploits0References1

Vulnrichment•added 2024/05/18 9:24 p.m.•16 views

CVE-2024-36050

Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...

7AI score0.00136EPSS

Exploits0References4

Debian CVE•added 2024/05/18 9:24 p.m.•13 views

CVE-2024-36050

4.3CVSS4.8AI score0.00136EPSS

Exploits0

NVD•added 2023/06/02 5:15 p.m.•17 views

CVE-2023-29537

Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

7.5CVSS7.1AI score0.00202EPSS

Exploits0References4

Prion•added 2023/06/02 5:15 p.m.•20 views

Race condition

5.1CVSS7.5AI score0.00202EPSS

Exploits0References4Affected Software2

Debian CVE•added 2023/06/02 12:0 a.m.•22 views

CVE-2023-29537

7.5CVSS9AI score0.00202EPSS

Exploits0

UbuntuCve•added 2023/04/12 12:0 a.m.•22 views

CVE-2023-29537

7.5CVSS7.3AI score0.00202EPSS

Exploits0References3

OSV•added 2022/12/22 8:15 p.m.•0 views

DEBIAN-CVE-2022-1529

An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR 91.9.1...

8.8CVSS8.1AI score0.04295EPSS

Exploits0References1

RedHat Linux•added 2022/05/27 7:33 p.m.•2 views

Mozilla: Prototype pollution in Top-Level Await implementation

The Mozilla Foundation Security Advisory describes this flaw as: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context...

8.8CVSS7.6AI score0.67932EPSS

Exploits0References5

RedHat Linux•added 2022/05/27 7:13 p.m.•3 views

Mozilla: Prototype pollution in Top-Level Await implementation

8.8CVSS7.6AI score0.67932EPSS

Exploits0References5

RedHat Linux•added 2022/05/27 7:6 p.m.•4 views

Mozilla: Prototype pollution in Top-Level Await implementation

8.8CVSS7.6AI score0.67932EPSS

Exploits0References5

RedHat Linux•added 2022/05/27 2:55 a.m.•3 views

Mozilla: Prototype pollution in Top-Level Await implementation