CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1011 matches found

CNNVD•added 2026/01/07 12:0 a.m.•2 views

WordPress plugin MoneySpace 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An information...

8.6CVSS6.1AI score0.00198EPSS

Exploits0References5

OSV•added 2025/12/27 2:15 p.m.•3 views

CVE-2025-54322

Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also used...

9.8CVSS6.4AI score0.00294EPSS

Exploits2References2

EUVD•added 2025/12/23 12:30 a.m.•2 views

EUVD-2023-60243

PhotoShow 3.0 contains a remote code execution vulnerability that allows authenticated administrators to inject malicious commands through the exiftran path configuration. Attackers can exploit the ffmpeg configuration settings by base64 encoding a reverse shell command and executing it through a...

8.8CVSS7.8AI score0.00864EPSS

Exploits1References5

Trellix•added 2025/12/18 12:0 a.m.•6 views

Amadey Exploiting Self-Hosted GitLab to Distribute StealC

Amadey Exploiting Self-Hosted GitLab to Distribute StealC By Rahul Sharma · December 18, 2025 Executive summary Amadey is a malware loader that has been active since 2018, primarily used to distribute second-stage payloads and infostealers. While Amadey has been previously known to distribute...

7.9AI score

Exploits0

GithubExploit•added 2025/12/09 10:26 a.m.•116 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell A scanner for detecting and exploiting Next.js...

10CVSS7.3AI score0.83197EPSS

Exploits377

GithubExploit•added 2025/12/01 12:54 a.m.•215 views

Exploit for OS Command Injection in Xstream

CVE-2020-26217 XStream RCE Exploit XStream remote code execut...

9.3CVSS7.4AI score0.93171EPSS

Exploits7

Metasploit•added 2025/11/26 6:53 p.m.•416 views

IGEL OS Persistent Payload

Gain persistence for specified payload on IGEL OS Workspace Edition, by writing a payload to disk or base64-encoding and executing from registry. Module Options msf use exploit/linux/persistence/igelpersistence msf exploitigelpersistence show targets ...targets... msf exploitigelpersistence set...

5.8AI score

Exploits0

RedhatCVE•added 2025/11/21 12:18 a.m.•1 views

CVE-2025-25613

FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were discovered to transmit cookies for their web based administrative application containing usernames and passwords. These were transmitted in cleartext usi...

7.5CVSS7.1AI score0.00032EPSS

Exploits1References1

Tenable Nessus•added 2025/11/20 12:0 a.m.•5 views

TencentOS Server 4: gdk-pixbuf2 (TSSA-2025:0706)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0706 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5CVSS7.9AI score0.00938EPSS

Exploits0References2

OSV•added 2025/11/17 9:25 a.m.•5 views

CLSA-2025-1763371545 gdk-pixbuf2: Fix of CVE-2025-7345

CVE-2025-7345: fix heap buffer overflow during base64 encoding in gdkpixbufjpegimageloadincrement...

7.5CVSS6AI score0.00938EPSS

Exploits0References1

NVD•added 2025/11/07 6:15 p.m.•2 views

CVE-2025-57697

AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function encodeimagebs64. Since the encodeimagebs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimac...

6.5CVSS0.00086EPSS

Exploits1References1

RedhatCVE•added 2025/10/31 12:13 a.m.•2 views

CVE-2025-61116

AdForest - Classified Android App version 4.0.12 package name scriptsbundle.adforest, developed by Muhammad Jawad Arshad, contains an improper access control vulnerability in its authentication mechanism. The app uses a Base64-encoded email address as the authorization credential, which can be...

7.5CVSS7AI score0.00045EPSS

Exploits0References1

Debian•added 2025/10/23 4:23 a.m.•3 views

[SECURITY] [DLA 4344-1] gdk-pixbuf security update

Debian LTS Advisory DLA-4344-1 [email protected] https://www.debian.org/lts/security/ Carlos Henrique Lima Melara October 22, 2025 https://wiki.debian.org/LTS Package : gdk-pixbuf Version : 2.42.2+dfsg-1+deb11u4 CVE ID : CVE-2025-7345 Debian Bug : 1109262 A vulnerability was found in...

7.5CVSS6.8AI score0.00938EPSS

Exploits0

Tenable Nessus•added 2025/10/23 12:0 a.m.•5 views

Debian dla-4344 : gdk-pixbuf-tests - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4344 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4344-1 [email protected] https://www.debian.org/lts/security/...

7.5CVSS7.4AI score0.00938EPSS

Exploits0References4

Vulnrichment•added 2025/10/15 12:0 a.m.•3 views

CVE-2025-56748

Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts...

6.6AI score0.00069EPSS

Exploits1References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2019-15202

Malware in sbrugna...

7.8CVSS4.1AI score0.00057EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-2401

Malware in sbrugna...

7CVSS6.9AI score0.00054EPSS

Exploits1References2