CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2019-0744

Malware in sbrugna...

6.1CVSS6.5AI score0.00305EPSS

Exploits0References4

Microsoft CVE•added 2025/10/02 6:11 a.m.•3 views

The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input.

...

9.1CVSS7AI score0.00425EPSS

Exploits0

RedhatCVE•added 2025/05/22 4:21 p.m.•4 views

CVE-2020-28925

Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance...

5.3CVSS6.9AI score0.00344EPSS

Exploits0

RedhatCVE•added 2025/05/22 9:16 a.m.•7 views

CVE-2019-20058

Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040...

6.1CVSS5.9AI score0.00328EPSS

Exploits3References1

RedhatCVE•added 2025/05/22 8:14 a.m.•6 views

CVE-2019-15485

Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php...

6.1CVSS5.8AI score0.00305EPSS

Exploits0References1

Prion•added 2019/08/23 1:15 p.m.•11 views

Design/Logic Flaw

Bolt before 3.6.10 has XSS via a title that is mishandled in the system log...

4.3CVSS5.9AI score0.00223EPSS

Exploits0References2Affected Software1

Cvelist•added 2017/11/09 7:0 p.m.•10 views

CVE-2017-16754

Bolt before 3.3.6 does not properly restrict access to profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php...

5.7AI score0.0038EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by