CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1177 matches found

Vulnrichment•added 2025/10/15 8:26 a.m.•2 views

CVE-2025-10056 Task Scheduler <= 1.6.3 - Authenticated (Admin+) Blind Server-Side Request Forgery

The Task Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.3 via the “Check Website” task. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...

4.4CVSS5.4AI score0.00024EPSS

Exploits0References2

Tenable Nessus•added 2025/10/15 12:0 a.m.•2 views

F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K000156801)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6.1 / 17.1.3 / 17.5.1.3. It is, therefore, affected by a vulnerability as referenced in the K000156801 advisory. A directory traversal vulnerability exists in the BIG-IP Configuration utility that allows a...

6.9CVSS5.6AI score0.0027EPSS

Exploits0References2

Positive Technologies•added 2025/10/14 12:0 a.m.•2 views

PT-2025-42175

Name of the Vulnerable Software and Affected Versions Flowise versions 3.0.1 through 3.0.7 Flowise versions 3.0.8 and later with 'ALLOW BUILTIN DEP' enabled Description The software contains an authenticated remote code execution issue and a node VM sandbox escape. This is due to insecure use of...

8.4CVSS7.8AI score0.01665EPSS

Exploits1References6

Tenable Nessus•added 2025/10/14 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2025-39664

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient escaping in the report scheduler within Checkmk 2.4.0p13, 2.3.0p38, 2.2.0p46 and 2.1.0 EOL allows authenticated attackers to define the storage...

7.1CVSS5.5AI score0.00081EPSS

Exploits1References2

NVD•added 2025/10/08 5:15 a.m.•3 views

CVE-2025-11204

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 6.0.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.2CVSS0.00135EPSS

Exploits0References4