3498 matches found

OSV, added 2025/11/21 6:13 p.m., 3 views

RLSA-2025:21255 Moderate: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230). For more details about the securi...

CVSS 5.6, AI score 6.5, EPSS 0.0177
Exploits 0, References 2
OSV, added 2025/11/21 9:04 a.m., 3 views

BIT-GITLAB-2025-6945 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments...

CVSS 3.5, AI score 6.5, EPSS 0.00233
Exploits 0, References 4
RedhatCVE, added 2025/11/17 7:03 a.m., 4 views

CVE-2025-6945

GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments...

CVSS 3.5, AI score 6.6, EPSS 0.00233
Exploits 0, References 1
EUVD, added 2025/11/17 6:30 a.m., 5 views

EUVD-2025-197764

The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the parsedynamicmfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post...

CVSS 9, AI score 7.4, EPSS 0.19241
Exploits 1, References 2
EUVD, added 2025/11/15 9:30 a.m., 4 views

EUVD-2025-197691

GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments...

CVSS 3.5, AI score 6.1, EPSS 0.00233
Exploits 0, References 4
NVD, added 2025/11/15 8:15 a.m., 3 views

CVE-2025-6945

GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments...

CVSS 3.5, EPSS 0.00233
Exploits 0, References 3
OSV, added 2025/11/15 8:15 a.m., 4 views

UBUNTU-CVE-2025-6945

GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments...

CVSS 3.5, AI score 5.8, EPSS 0.00233
Exploits 0, References 5
Cvelist, added 2025/11/15 8:04 a.m., 18 views

CVE-2025-6945 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments...

CVSS 3.5, EPSS 0.00233
Exploits 0, References 3
Vulnrichment, added 2025/11/15 8:04 a.m., 2 views

CVE-2025-6945 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments...

CVSS 3.5, AI score 5.9, EPSS 0.00233
Exploits 0, References 3
CVE, added 2025/11/15 8:04 a.m., 13 views

CVE-2025-6945

CVE-2025-6945 concerns GitLab EE in versions 17.8–18.3.6, 18.4–18.4.4, and 18.5–18.5.2, where an authenticated attacker could leak sensitive information from confidential issues by injecting hidden prompts into merge request comments. Multiple sources confirm GitLab has remediated the issue in th...

CVSS 3.5, AI score 6.2, EPSS 0.00233
Exploits 0, References 3, Affected Software 1
RedhatCVE, added 2025/11/13 1:00 a.m., 7 views

CVE-2025-63293

FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API...

CVSS 6.5, AI score 6.9, EPSS 0.00317
Exploits 1, References 1
The Hacker News, added 2025/11/11 3:44 p.m., 4 views

GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites

The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress. The cybersecurity company said it observed three GootLoader infections since October 27, 2025, out of which two resulted in hands-on keyboard...

AI score 6.8
Exploits 0
GithubExploit, added 2025/11/05 9:17 a.m., 155 views

webapp-fire

webapp-fire Vulnerable Flask app Mi...

AI score 7.3
Exploits 0
Vulnrichment, added 2025/11/04 1:08 p.m., 2 views

CVE-2025-41111 Missing Authorization vulnerability in CanalDenuncia.app

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'iddenuncia' in '/backend/api/buscarComentariosByDenuncia.php'...

CVSS 8.7, AI score 6.3, EPSS 0.00241
Exploits 0, References 1
CVE, added 2025/11/04 1:08 p.m., 9 views

CVE-2025-41111

CVE-2025-41111 affects CanalDenuncia.app with a missing authorization vulnerability. An attacker can access other users’ information by sending a POST to /backend/api/buscarComentariosByDenuncia.php using the id_denuncia parameter. The issue is described consistently across multiple sources (Red ...

CVSS 8.7, AI score 6.3, EPSS 0.00241
Exploits 0, References 1, Affected Software 1
Cvelist, added 2025/11/03 12:00 a.m., 7 views

CVE-2025-63293

FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API...

EPSS 0.00317
Exploits 1, References 2
Vulnrichment, added 2025/11/03 12:00 a.m., 3 views

CVE-2025-63293

FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API...

AI score 6.5, EPSS 0.00317
Exploits 1, References 2
Positive Technologies, added 2025/11/03 12:00 a.m., 2 views

PT-2025-44794

Name of the Vulnerable Software and Affected Versions: FairSketch Rise Ultimate Project Manager & CRM version 3.9.4. Description: A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization. This is due to missing authorization chec...

CVSS 6.5, AI score 6.5, EPSS 0.00317
Exploits 1, References 5
Vulnrichment, added 2025/10/31 8:25 a.m., 4 views

CVE-2025-12094 OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) <= 1.2.53 - Unauthenticated IP Header Spoofing

The OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) plugin for WordPress is vulnerable to IP Header Spoofing in all versions up to, and including, 1.2.53. This is due to the plugin trusting client-controlled forwarded headers such as CF-Connecting-IP, X-Forwarded-For,...

CVSS 5.3, AI score 5.8, EPSS 0.00277
Exploits 0, References 3
RedhatCVE, added 2025/10/31 12:13 a.m., 5 views

CVE-2025-61196

An issue in BusinessNext CRMnext v.10.8.3.0 allows a remote attacker to execute arbitrary code via the comments input parameter...

CVSS 8.8, AI score 8, EPSS 0.00456
Exploits 0, References 1