
216 matches found

OSV
added 2025/06/12 1:30 p.m., 2 views

MAL-2025-4933 Malicious code in cmp-spid-login (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f4229460b134c6c1fe4e3accbf1756e1706643a8d37bfd8a3cbe2817c11d4ced The OpenSSF Package Analysis project identified 'cmp-spid-login' @...

7.3 AI score
Exploits: 0
RedhatCVE
added 2025/05/23 8:16 a.m., 5 views

CVE-2024-36066

The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. CMP includes password-based MAC as one of the options for message integrity and authentication the...

3.1 CVSS, 7.1 AI score, 0.00398 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 10:16 p.m., 5 views

CVE-2022-0188

The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change the coming soon page layout...

5.3 CVSS, 6.7 AI score, 0.05863 EPSS
Exploits: 2, References: 1
RedhatCVE
added 2025/05/22 4:27 p.m., 4 views

CVE-2020-17429

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

7.8 CVSS, 5.9 AI score, 0.00968 EPSS
Exploits: 0
RedhatCVE
added 2025/05/22 3:16 p.m., 6 views

CVE-2020-17428

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

4.3 CVSS, 5.9 AI score, 0.01126 EPSS
Exploits: 0
RedhatCVE
added 2025/05/22 3:16 p.m., 3 views

CVE-2020-17433

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

7.8 CVSS, 6 AI score, 0.00259 EPSS
Exploits: 0
OSSF Malicious Packages
added 2025/05/05 5:43 p.m., 3 views

Malicious code in design-system-cmp (npm)

The package communicates with a domain associated with malicious activity...

7 AI score
Exploits: 0
SUSE CVE
added 2025/05/02 2:2 a.m., 1 views

SUSE CVE-2025-37784

In the Linux kernel, the following vulnerability has been resolved: net: ti: icss-iep: Fix possible NULL pointer dereference for perout request. The ICSS IEP driver tracks perout and pps enable state with flags. Currently when disabling pps and perout signals during icss_iep_exit, results in NULL...

5.5 CVSS, 7.6 AI score, 0.00064 EPSS
Exploits: 0, References: 3
OSV
added 2025/05/01 2:15 p.m., 1 views

DEBIAN-CVE-2025-37784

In the Linux kernel, the following vulnerability has been resolved: net: ti: icss-iep: Fix possible NULL pointer dereference for perout request. The ICSS IEP driver tracks perout and pps enable state with flags. Currently when disabling pps and perout signals during icss_iep_exit, results in NULL...

5.5 CVSS, 5.5 AI score, 0.00064 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/04/06 4:28 p.m., 15 views

CVE-2025-32118

Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance cmp-coming-soon-maintenance allows Using Malicious Files. This issue affects CMP – Coming Soon & Maintenance: from n/a through <= 4.1.14...

9.1 CVSS, 7.2 AI score, 0.00402 EPSS
Exploits: 1, References: 1
NVD
added 2025/04/04 4:15 p.m., 9 views

CVE-2025-32118

Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance cmp-coming-soon-maintenance allows Using Malicious Files. This issue affects CMP – Coming Soon & Maintenance: from n/a through <= 4.1.14...

9.1 CVSS, 0.00402 EPSS
Exploits: 1, References: 1
Vulnrichment
added 2025/04/04 3:58 p.m., 26 views

CVE-2025-32118 WordPress CMP – Coming Soon & Maintenance plugin <= 4.1.13 - Remote Code Execution (RCE) vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance allows Using Malicious Files. This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.13...

9.1 CVSS, 7.2 AI score, 0.00402 EPSS
Exploits: 1, References: 1
Patchstack
added 2025/04/04 1:18 p.m., 9 views

WordPress CMP – Coming Soon & Maintenance plugin <= 4.1.14 - Remote Code Execution (RCE) vulnerability

Remote Code Execution (RCE) vulnerability discovered by savphill in WordPress Plugin CMP – Coming Soon & Maintenance versions <= 4.1.14...

9.1 CVSS, 8.5 AI score, 0.00402 EPSS
Exploits: 1, Affected Software: 1
vulnersOsv
added 2025/03/27 6:0 p.m., 3 views

@ekyc_qoobiss/qbs-cid-cmp (>=1.0.5 <=1.5.9), @ekyc_qoobiss/qbs-ect-cmp (>=1.2.0 <=4.8.0) +56 more potentially affected by CVE-2025-27793 via vega-functions (>=5.10.0 <=5.16.0)

vega-functions NPM version =5.10.0, =1.0.5, =1.2.0, =0.0.2, =0.1.2, =0.5.0, =1.0.0, =1.0.7, =0.1.4, =0.6.2, =1.0.1, =2.8.0-canary.140, =2.27.0 and more Source cves: CVE-2025-27793 Source advisory: OSV:GHSA-963H-3V39-3PQF...

5.3 CVSS, 5.9 AI score, 0.00468 EPSS
Exploits: 0
NVD
added 2025/03/06 12:15 p.m., 11 views

CVE-2025-1666

The Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the send_uninstall_survey function in all versions up to, and including, 4.4.1. This makes it possible for authenticate...

4.3 CVSS, 0.00091 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2025/03/06 11:11 a.m., 7 views

CVE-2025-1666 Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics <= 4.4.1 - Missing Authorization to Authenticated (Subscriber+) Survey Submission

The Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the send_uninstall_survey function in all versions up to, and including, 4.4.1. This makes it possible for authenticate...

4.3 CVSS, 6.7 AI score, 0.00091 EPSS
Exploits: 0, References: 3
CVE
added 2025/03/06 11:11 a.m., 73 views

CVE-2025-1666

CVE-2025-1666 refers to the WordPress cookie banner plugin Cookiebot CMP by Usercentrics. The Red Hat entry and Wordfence coverage confirm a vulnerability caused by a missing capability check in send_uninstall_survey() affecting all versions up to 4.4.1, allowing authenticated attackers with Subs...

4.3 CVSS, 6.7 AI score, 0.00091 EPSS
Exploits: 0, References: 3
Cvelist
added 2025/03/06 11:11 a.m., 14 views

CVE-2025-1666 Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics <= 4.4.1 - Missing Authorization to Authenticated (Subscriber+) Survey Submission

The Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the send_uninstall_survey function in all versions up to, and including, 4.4.1. This makes it possible for authenticate...

4.3 CVSS, 0.00091 EPSS
Exploits: 0, References: 3
OSSF Malicious Packages
added 2025/02/28 4:25 p.m., 2 views

Malicious code in cmp-ocr-liveness-acquisition (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 867eeaa4b91a53b10e36a59a627a3ea2e8164a4ec9b0d9f3829fb936f71330bf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/02/28 4:25 p.m., 4 views

Malicious code in cmp-dossier-tracking (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ca47cddd0ff04336d55d7da2799d42183ab77e8b7270202739f7728e7904f712 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1