CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5527 matches found

Positive Technologies•added 2025/10/12 12:0 a.m.•4 views

PT-2025-41708

Name of the Vulnerable Software and Affected Versions HCL Unica MaxAI Assistant affected versions not specified Description HCL Unica MaxAI Assistant is susceptible to a HTML injection issue. An attacker could insert special characters that are processed client-side within the user’s session...

4.6CVSS6.6AI score0.00158EPSS

Exploits0References5

Positive Technologies•added 2025/10/12 12:0 a.m.•2 views

PT-2025-41721

Name of the Vulnerable Software and Affected Versions IBM Engineering Requirements Management Doors Next versions 7.0.2 through 7.1 Description An authenticated user on the network may be able to delete reviews belonging to other users. This is due to client-side enforcement of what should be...

3.5CVSS6.3AI score0.00166EPSS

Exploits0References5

CNNVD•added 2025/10/12 12:0 a.m.•4 views

IBM Engineering Requirements Management DOORS Next 安全漏洞

IBM Engineering Requirements Management DOORS Next is a scalable solution from International Business Machines IBM. The solution helps you capture, track, analyze, and manage systems and advanced IT application development. A security vulnerability exists in IBM Engineering Requirements Managemen...

3.5CVSS6.2AI score0.00166EPSS

Exploits0References1

CNNVD•added 2025/10/12 12:0 a.m.•4 views

IBM Engineering Requirements Management DOORS Next 安全漏洞

3.5CVSS6.2AI score0.00166EPSS

Exploits0References1

Positive Technologies•added 2025/10/12 12:0 a.m.•3 views

PT-2025-41720

Name of the Vulnerable Software and Affected Versions IBM Engineering Requirements Management Doors Next versions 7.0.2 through 7.1 Description An authenticated user on the network may be able to delete comments from other users. This is due to client-side enforcement of server-side security...

3.5CVSS6.3AI score0.00166EPSS

Exploits0References5

Github Security Blog•added 2025/10/10 10:53 p.m.•7 views

python-ldap is Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination

Summary ldap.dn.escapednchars escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to construct DNs from untrusted input can be made to consistently fail before a request is sent to the LDAP...

6.9CVSS7.2AI score0.00418EPSS

Exploits1References5Affected Software1

Positive Technologies•added 2025/10/10 12:0 a.m.•3 views

PT-2025-41626

🟠 python-ldap, Client-Side Denial of Service, CVE-2024-5319 Medium https://t.co/upnk2q5jR1...

7AI score

Exploits0References1

Snyk•added 2025/10/08 12:31 a.m.•4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Commerce Search Result widget when user-supplied input is injected into the Name text field of a Commerce Product. An attacker can execute arbitrary web scripts in the context of the user's browser by...

5.4CVSS5.4AI score0.00193EPSS

Exploits0References2

Vulnrichment•added 2025/10/07 12:33 p.m.•2 views

CVE-2025-3718 Client-side path traversal in Guardian/CMC before 25.2.0

A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with limited privileges can craft a malicious URL which, if visited by an authenticated victim, leads to a Cross-Site Scriptin...

7.9CVSS5.4AI score0.00205EPSS

Exploits0References1