5519 matches found
PT-2025-47327
Name of the Vulnerable Software and Affected Versions: electic-shop version 1.0. Description: A DOM-based cross-site scripting issue exists where the client-side JavaScript reads attacker-controlled input and inserts it into the DOM via unsafe sinks, specifically innerHTML, insertAdjacentHTML, and...
CVE-2025-63883
A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 (Bhabishya-123/E-commerce). The site's client-side JavaScript reads attacker-controlled input (for example, values derived from the URL or page fragment) and inserts it into the DOM via unsafe sinks...
PT-2025-47311
Name of the Vulnerable Software and Affected Versions: Windu CMS version 4.1; Windu CMS (affected versions not specified). Description: Windu CMS has a weak client-side brute-force protection mechanism. The system utilizes the loginError parameter, but does not store attempt counts or timeouts...
CLSA-2025-1763374645 varnish: Fix of 2 CVEs
- CVE-2024-30156: fix HTTP/2 flow control vulnerability allowing window credit exhaustion (Broke Window Attack), causing potential denial of service
- CVE-2025-47905: fix client-side request smuggling via malformed HTTP/1 chunked requests...
CVE-2025-64308
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle...
Brightpick Mission Control Security Vulnerability
Brightpick Mission Control is a centralized control platform for mission management from Brightpick USA. A security vulnerability exists in Brightpick Mission Control that stems from the inclusion of hard-coded credentials in a client-side JavaScript package...
CVE-2025-64308 Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle...
EUVD-2025-197665
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle...
CVE-2025-64308
Brightpick Mission Control web application exposes hardcoded credentials in the client-side JavaScript bundle. The vulnerability can enable unauthorized access to credentials and could allow manipulation of robot control functions through an unauthenticated interface and via WebSocket traffic, pe...
CVE-2025-12872
The a+HRD and a+HCM developed by aEnrich have a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL...
CVE-2025-60705
Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally...
CVE-2025-10161
Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass. This iss...
CVE-2025-60705
Technical details about CVE-2025-60705 (affected product, root cause, impact, or fix) are not provided in the connected documents. Monitor for updates from Microsoft/MSRC for validation, impact, and remediation.
CVE-2025-60705 Windows Client-Side Caching Elevation of Privilege Vulnerability
...