25 matches found
CVE-2026-26013 LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.get_num_tokens_from_messages method fetches arbitrary image_url values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Reque...
VulnCheck KEV: CVE-2023-45311
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project that depends on fsevents distributes code that was obtained from that URL at a time when it was controlled by an...
Linux Distros Unpatched Vulnerability : CVE-2023-45311
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any...
CVE-2025-58048
Paymenter is a free and open-source webshop solution for hostings. Prior to version 1.2.11, the ticket attachments functionality in Paymenter allows a malicious authenticated user to upload arbitrary files. This could result in sensitive data extraction from the database, credentials being read...
CVE-2025-58048
CVE-2025-58048 affects Paymenter before version 1.2.11. The ticket attachments feature lets an authenticated user upload arbitrary files, enabling sensitive data extraction, credentials read from configuration files, and arbitrary commands executed under the web server user. A fix was released in...
Paymenter code issue vulnerability
Paymenter is an online store hosting software from Paymenter open source. A code issue vulnerability exists in Paymenter versions prior to 1.2.11, which stems from the ticket attachment feature that allows the upload of arbitrary files, which could lead to sensitive data disclosure or system...
Linux Distros Unpatched Vulnerability : CVE-2020-9355
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled. CVE-2020-9355 Note that Nessus relies on the...
CVE-2022-0638
Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11...
SUSE CVE-2004-0986
Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers...
CVE-2022-0723
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11...
CVE-2022-0688
Business Logic Errors in Packagist microweber/microweber prior to 1.2.11...
microweber security vulnerability
Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. A security vulnerability exists in versions of microweber prior to 1.2.11, which stems from a business logic error in the...
CVE-2022-0689
Use of the one-time coupon multiple times in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0678
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0666
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0660
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0597
Open Redirect in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0596
Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0281
Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0277
Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11...