
242 matches found

CNNVD
added 2026/05/27 12:0 a.m., 4 views

WordPress plugin CM Ad Changer cross-site request forgery vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3, AI score 5.8, EPSS 0.00014
Exploits 0, References 5
GithubExploit
added 2026/05/14 8:24 p.m., 35 views

Vulnerability-Exploit-Correlation-Engine

Vulnerability-Exploit-Correlation-Engine Passive-analysis CLI...

AI score 5.8
Exploits 0
EUVD
added 2026/05/06 3:32 p.m., 3 views

EUVD-2025-209690

HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities...

CVSS 2.6, AI score 5.8, EPSS 0.00032
Exploits 0, References 2
NVD
added 2026/05/06 3:16 p.m., 6 views

CVE-2025-31975

HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities...

CVSS 5.3, EPSS 0.00032
Exploits 0, References 1
Cvelist
added 2026/05/06 1:51 p.m., 29 views

CVE-2025-31975 HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified.

HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities...

CVSS 2.6, EPSS 0.00032
Exploits 0, References 1
CVE
added 2026/05/06 1:51 p.m., 7 views

CVE-2025-31975

Technical details about CVE-2025-31975 are not publicly available in the provided documents. The sources describe an information disclosure via server banners but do not specify affected versions, root cause, exploitability, or remediation. Monitor for updates.

CVSS 5.3, AI score 5.8, EPSS 0.00032
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2026/05/06 12:0 a.m., 5 views

PT-2026-37632

HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities...

CVSS 2.6, AI score 5.8, EPSS 0.00032
Exploits 0, References 2
Packet Storm News
added 2026/04/18 12:0 a.m., 2 views

Global Web, Local Privacy? an International Review of Web Tracking

Web tracking by ad networks, social networks, and other third parties is privacy-invasive. To protect users' privacy an increasing number of countries are adopting new privacy laws. However, a major reason why their application on the web is so challenging is that privacy laws are local while the...

AI score 5.8
Exploits 0
Hacker One
added 2026/04/05 7:15 a.m., 2 views

Revive Adserver: Missing access control when linking banners or campaigns to zones

A missing access control check was identified when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via its API. This could have allowed a low-privileged user to link their zones to banners or campaigns owned by other managers on...

AI score 5.7
Exploits 0
RedhatCVE
added 2026/03/26 2:56 p.m., 2 views

CVE-2019-25643

eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid parameter to extra...

CVSS 8.8, AI score 6.2, EPSS 0.00051
Exploits 0, References 1
NVD
added 2026/03/24 12:16 p.m., 1 view

CVE-2019-25643

eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid parameter to extra...

CVSS 8.8, EPSS 0.00051
Exploits 0, References 4
CVE
added 2026/03/24 11:27 a.m., 9 views

CVE-2019-25643

CVE-2019-25643 is a Linux kernel issue involving improper input validation in ppp_cp_parse_cr that could lead to memory corruption and read overflow. SUSE advisories SUSE-SU-2020:2904/2905/2906 (and related OSV entries) indicate this CVE was addressed by kernel updates for SUSE SLES 12 SP5 and SL...

CVSS 8.8, AI score 6.2, EPSS 0.00051
Exploits 0, References 4
Cvelist
added 2026/03/24 11:27 a.m., 18 views

CVE-2019-25643 eNdonesia Portal v8.7 SQL Injection via banners.php

eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid parameter to extra...

CVSS 8.8, EPSS 0.00051
Exploits 0, References 4
Positive Technologies
added 2026/03/24 12:0 a.m., 0 views

PT-2026-27377

eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid parameter to extra...

CVSS 8.8, AI score 6.2, EPSS 0.00051
Exploits 0, References 5
Packet Storm News
added 2026/03/22 12:0 a.m., 2 views

When the Abyss Looks Back: Unveiling Evolving Dark Patterns in Cookie Consent Banners

To comply with data protection regulations such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), websites widely deploy cookie consent banners to collect users' privacy preferences. In practice, however, these interfaces often embed dark patterns tha...

AI score 5.8
Exploits 0
OSV
added 2026/03/03 1:29 p.m., 2 views

BIT-DISCOURSE-2026-28219 Privilege Escalation via Mass Assignment Allows Regular Users to Set Topics as Global Banners

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST...

CVSS 5.3, AI score 5.9, EPSS 0.00124
Exploits 0, References 2
NVD
added 2026/02/26 10:20 p.m., 5 views

CVE-2026-28219

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST...

CVSS 5.3, EPSS 0.00124
Exploits 0, References 1
OSV
added 2026/02/26 9:25 p.m., 3 views

CVE-2026-28219 Privilege Escalation via Mass Assignment Allows Regular Users to Set Topics as Global Banners

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST...

CVSS 5.3, AI score 5.9, EPSS 0.00124
Exploits 0, References 3
ATTACKERKB
added 2026/02/26 9:25 p.m., 1 view

CVE-2026-28219

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST...

CVSS 5.3, AI score 5.7, EPSS 0.00124
Exploits 0, References 2, Affected Software 1
CVE
added 2026/02/26 9:25 p.m., 16 views

CVE-2026-28219

Product/Component: Discourse open source platform. Vulnerability: Improper authorization check in topic management lets authenticated users alter privileged topic attributes via PUT/POST, elevating a topic’s status to a site-wide notice or banner. Affected versions: before 2025.12.2, 2026.1.1, an...

CVSS 5.3, AI score 5.3, EPSS 0.00124
Exploits 0, References 1, Affected Software 1