3637 matches found

CVE
added 2025/12/28 3:32 a.m., 16 views

CVE-2025-15119

Summary: CVE-2025-15119 affects JeecgBoot up to 3.9.0. The vulnerability lies in the function queryPageList of the file /sys/sysDepartRole/list, where manipulating the department identifier (deptId) enables improper authorization. This can be exploited remotely with high exploit complexity; explo...

3.1 CVSS, 6.3 AI score, 0.00237 EPSS
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2025/12/28 3:15 a.m., 7 views

CVE-2025-15116

A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing a manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...

6.3 CVSS, 0.00382 EPSS
Exploits: 1, References: 5

OSV
added 2025/12/28 3:15 a.m., 4 views

CVE-2025-15116

A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing a manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...

4.8 CVSS, 4.2 AI score
Exploits: 0, References: 5

Cvelist
added 2025/12/28 2:2 a.m., 27 views

CVE-2025-15116 OpenCart Single-Use Coupon race condition

A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing a manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...

6.3 CVSS, 0.00382 EPSS
Exploits: 1, References: 5

Positive Technologies
added 2025/12/28 12:0 a.m., 5 views

PT-2025-53656

Name of the Vulnerable Software and Affected Versions: Halo versions up to 2.21.10. Description: A flaw exists in Halo, specifically within the Configuration Handler component. This issue involves the processing of the /actuator file and can lead to information disclosure. The attack can be carried...

3.1 CVSS, 5.5 AI score, 0.00217 EPSS
Exploits: 0, References: 9

NVD
added 2025/12/27 5:15 p.m., 9 views

CVE-2025-15108

A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. This affects an unknown function of the file config.yml of the component JWT Secret Handler. The manipulation of the argument key results in use of hard-coded cryptographic key. The attack may be...

6.3 CVSS, 0.00274 EPSS
Exploits: 0, References: 4

Cvelist
added 2025/12/27 4:32 p.m., 19 views

CVE-2025-15108 PandaXGO PandaX JWT Secret config.yml hard-coded key

A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. This affects an unknown function of the file config.yml of the component JWT Secret Handler. The manipulation of the argument key results in use of hard-coded cryptographic key. The attack may be...

6.3 CVSS, 0.00274 EPSS
Exploits: 0, References: 4

CVE
added 2025/12/27 4:32 p.m., 14 views

CVE-2025-15108

PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5 is affected in the JWT Secret Handler component. The issue stems from manipulating the key argument in config.yml, resulting in use of a hard-coded cryptographic key. The vulnerability can be exploited remotely and is described with h...

6.3 CVSS, 6.1 AI score, 0.00274 EPSS
Exploits: 0, References: 4

OSV
added 2025/12/27 3:30 p.m., 4 views

GHSA-43H9-HC38-QPH5 SQLE's JWT Secret Handler can be manipulated to use hard-coded cryptographic key

A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key. The attack is...

6.3 CVSS, 4.3 AI score, 0.00564 EPSS
Exploits: 1, References: 8

NVD
added 2025/12/27 1:15 p.m., 3 views

CVE-2025-15107

A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key. The attack is...

8.1 CVSS, 0.00564 EPSS
Exploits: 1, References: 5

EUVD
added 2025/12/27 9:30 a.m., 13 views

EUVD-2025-205469

A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function of the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts. Performing manipulation of the argument apikey results in use of hard-coded cryptographic key. Remote exploitation of the attack...

6.3 CVSS, 5.9 AI score, 0.00458 EPSS
Exploits: 1, References: 5

RedhatCVE
added 2025/12/26 7:2 p.m., 13 views

CVE-2025-15084

A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to...

3.1 CVSS, 6.5 AI score, 0.00245 EPSS
Exploits: 1, References: 1

EUVD
added 2025/12/25 9:30 p.m., 4 views

EUVD-2025-205383

A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to...

3.1 CVSS, 6.2 AI score, 0.00245 EPSS
Exploits: 1, References: 5

OSV
added 2025/12/25 7:15 p.m., 3 views

CVE-2025-15084

A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to...

3.1 CVSS, 5.3 AI score, 0.00245 EPSS
Exploits: 1, References: 4

CVE
added 2025/12/25 6:32 p.m., 8 views

CVE-2025-15084

CVE-2025-15084 affects youlaitech youlai-mall versions 1.0.0–2.0.0, specifically the Order Payment Handler’s OrderController.payOrder in mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/. The root cause is improper access controls in the orderService.payOrder function, enabling ...

3.1 CVSS, 4.3 AI score, 0.00245 EPSS
Exploits: 1, References: 4, Affected Software: 1

Tenable Nessus
added 2025/12/23 12:0 a.m., 4 views

AlmaLinux 9 : python3.9 (ALSA-2025:23342)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23342 advisory. python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used (CVE-2024-5642); cpython: Python HTMLParser quadratic complexity...

6.5 CVSS, 6.4 AI score, 0.00744 EPSS
Exploits: 0, References: 6

EUVD
added 2025/12/22 12:32 a.m., 5 views

EUVD-2025-204679

A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument K_RECAPTCHA_SITE_KEY/K_RECAPTCHA_SECRET_KEY results in use of hard-coded cryptographic key. It is possibl...

6.3 CVSS, 6.1 AI score, 0.00397 EPSS
Exploits: 1, References: 6

Vulnrichment
added 2025/12/22 12:32 a.m., 4 views

CVE-2025-15005 CouchCMS reCAPTCHA config.example.php hard-coded key

A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument K_RECAPTCHA_SITE_KEY/K_RECAPTCHA_SECRET_KEY results in use of hard-coded cryptographic key. It is possibl...

6.3 CVSS, 4.2 AI score, 0.00397 EPSS
Exploits: 1, References: 5

Tenable Nessus
added 2025/12/22 12:0 a.m., 11 views

AlmaLinux 8 : python39:3.9 (ALSA-2025:23530)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23530 advisory. python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used (CVE-2024-5642); python: Virtual environment venv activation scripts don't...

9.4 CVSS, 6.8 AI score, 0.01437 EPSS
Exploits: 14, References: 14

RedhatCVE
added 2025/12/20 4:4 p.m., 6 views

CVE-2025-14954

A vulnerability has been found in Open5GS up to 2.7.6. Affected is the function ogs_pfcp_pdr_find_or_add/ogs_pfcp_far_find_or_add/ogs_pfcp_urr_find_or_add/ogs_pfcp_qer_find_or_add in the library lib/pfcp/context.c of the component QER/FAR/URR/PDR. The manipulation leads to reachable assertion. It is possible to...

6.3 CVSS, 4.5 AI score, 0.00501 EPSS
Exploits: 1, References: 1