
3491 matches found

Positive Technologies
added 2026/02/11 12:0 a.m. | 2 views

PT-2026-7485

Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions prior to 1.5.13; Roundcube Webmail versions prior to 1.6.13. Description: The webmail application allows for Cascading Style Sheets (CSS) injection due to improper handling of comments. This can potentially lead to...

CVSS 9.3 | AI score 5.1 | EPSS 0.50951
Exploits: 7 | References: 41
OSV
added 2026/02/10 8:48 a.m. | 3 views

BIT-GOLANG-2025-61732 Potential code smuggling via doc comments in cmd/cgo

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...

CVSS 8.6 | AI score 5.5 | EPSS 0.00003
Exploits: 0 | References: 5
Packet Storm News
added 2026/02/10 12:0 a.m. | 2 views

When Skills Lie: Hidden-Comment Injection in LLM Agents

LLM agents often rely on Skills to describe available tools and recommended procedures. We study a hidden-comment prompt injection risk in this documentation layer: when a Markdown Skill is rendered to HTML, HTML comment blocks can become invisible to human reviewers, yet the raw text may still b...

AI score 5.5
Exploits: 0
RedhatCVE
added 2026/02/09 1:33 a.m. | 0 views

CVE-2026-25567

WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...

CVSS 5.3 | AI score 5.3 | EPSS 0.00014
Exploits: 0 | References: 1
OSV
added 2026/02/07 10:16 p.m. | 1 views

CVE-2026-25567

WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...

CVSS 4.3 | AI score 5.3
Exploits: 0 | References: 3
NVD
added 2026/02/07 10:16 p.m. | 2 views

CVE-2026-25567

WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...

CVSS 5.3 | EPSS 0.00014
Exploits: 0 | References: 3
CVE
added 2026/02/07 9:58 p.m. | 10 views

CVE-2026-25567

WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user’s identifier. Affected software: ...

CVSS 5.3 | AI score 5.4 | EPSS 0.00014
Exploits: 0 | References: 3 | Affected Software: 1
ATTACKERKB
added 2026/02/07 9:58 p.m. | 4 views

CVE-2026-25567

WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...

CVSS 5.3 | AI score 5.3 | EPSS 0.00014
Exploits: 0 | References: 4
SUSE CVE
added 2026/02/07 12:23 a.m. | 3 views

SUSE CVE-2026-25578

Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, a cross-site scripting vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. This issue has been patched i...

CVSS 6.1 | AI score 5.1 | EPSS 0.00018
Exploits: 1 | References: 3
Positive Technologies
added 2026/02/07 12:0 a.m. | 5 views

PT-2026-6930

Name of the Vulnerable Software and Affected Versions: WeKan versions prior to 8.19. Description: WeKan contains an insecure direct object reference (IDOR) in the card comment creation API. The API endpoint accepts an authorId from the request body, which allows an authenticated user to spoof the...

CVSS 5.3 | AI score 5.4 | EPSS 0.00014
Exploits: 0 | References: 7
SUSE CVE
added 2026/02/06 12:34 a.m. | 5 views

SUSE CVE-2025-61732

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...

CVSS 9.6 | AI score 5.3 | EPSS 0.00003
Exploits: 0 | References: 19
Positive Technologies
added 2026/02/06 12:0 a.m. | 3 views

PT-2026-6740

Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' parameter in add comment sql.php to execute...

CVSS 6.4 | AI score 5.5 | EPSS 0.00072
Exploits: 0 | References: 4
OSV
added 2026/02/05 4:15 a.m. | 4 views

CVE-2025-61732

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...

CVSS 8.6 | AI score 5.5
Exploits: 0 | References: 4
OSV
added 2026/02/05 4:15 a.m. | 1 views

AZL-76743 CVE-2025-61732 affecting package msft-golang 1.24.13-1

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...

CVSS 8.6 | AI score 7.4 | EPSS 0.00003
Exploits: 0 | References: 1
OSV
added 2026/02/05 4:15 a.m. | 0 views

UBUNTU-CVE-2025-61732

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...

CVSS 8.6 | AI score 5.8 | EPSS 0.00003
Exploits: 0 | References: 6
Vulnrichment
added 2026/02/05 3:42 a.m. | 3 views

CVE-2025-61732 Potential code smuggling via doc comments in cmd/cgo

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...

AI score 5.4 | EPSS 0.00003
Exploits: 0 | References: 4
Debian CVE
added 2026/02/05 3:42 a.m. | 4 views

CVE-2025-61732

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...

CVSS 8.6 | AI score 7.8 | EPSS 0.00003
Exploits: 0
Cvelist
added 2026/02/05 3:42 a.m. | 25 views

CVE-2025-61732 Potential code smuggling via doc comments in cmd/cgo

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...

EPSS 0.00003
Exploits: 0 | References: 4
OSV
added 2026/02/05 3:10 a.m. | 2 views

GO-2026-4433 Potential code smuggling via doc comments in cmd/cgo

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...

CVSS 8.6 | AI score 5.4 | EPSS 0.00003
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/05 12:0 a.m. | 1 views

PT-2026-6533

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...

AI score 5.5
Exploits: 0 | References: 4