19174 matches found

Microsoft CVE
added 2025/12/16 9:1 a.m., 4 views

Portworx Half-Blind SSRF in kube-controller-manager

...

5.8 CVSS, 7 AI score, 0.00355 EPSS
Exploits 0
Positive Technologies
added 2025/12/16 12:0 a.m., 8 views

PT-2025-51678

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.13.2-ga1582f1a031e. Description: The Linux kernel had a flaw related to the admin request queue lifetime in the NVMe subsystem. Namespaces could access the controller's admin request queue, and stale references...

6.3 AI score, 0.00178 EPSS
Exploits 0
Positive Technologies
added 2025/12/16 12:0 a.m., 4 views

PT-2025-51691

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains a flaw related to a race condition within the dwc3 remove requests function. This occurs due to unsynchronized execution of multiple call paths, potentially...

5.5 AI score, 0.00194 EPSS
Exploits 0
Positive Technologies
added 2025/12/16 12:0 a.m., 7 views

PT-2025-51708

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw exists in the Bluetooth implementation within the Linux kernel, specifically in the hci core component. The issue relates to improper locking mechanisms when handling Bluetooth...

9.8 CVSS, 6.3 AI score, 0.00378 EPSS
Exploits 6, References 216
NVD
added 2025/12/15 9:15 p.m., 13 views

CVE-2025-14722

A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the component Backend. Executing manipulation can lead to cross site scripting. The attack can be executed...

4.8 CVSS, 0.00202 EPSS
Exploits 0, References 4
Cvelist
added 2025/12/15 8:32 p.m., 27 views

CVE-2025-14722 vion707 DMadmin Backend AddonsController.class.php add cross site scripting

A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the component Backend. Executing manipulation can lead to cross site scripting. The attack can be executed...

4.8 CVSS, 0.00202 EPSS
Exploits 0, References 4
CVE
added 2025/12/15 8:32 p.m., 8 views

CVE-2025-14722

CVE-2025-14722 affects vion707 DMadmin (Backend) with a Cross-Site Scripting vulnerability in the Add function of Admin/Controller/AddonsController.class.php. A remote attacker can manipulate input to trigger XSS; exploits have been publicly disclosed. Affected versions are prior to 3403cafdb4253...

4.8 CVSS, 5 AI score, 0.00202 EPSS
Exploits 0, References 4
Vulnrichment
added 2025/12/15 8:32 p.m., 1 view

CVE-2025-14722 vion707 DMadmin Backend AddonsController.class.php add cross site scripting

A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the component Backend. Executing manipulation can lead to cross site scripting. The attack can be executed...

4.8 CVSS, 5 AI score, 0.00202 EPSS
Exploits 0, References 4
RedhatCVE
added 2025/12/15 4:20 p.m., 5 views

CVE-2025-13281

A half-blind Server-Side Request Forgery (SSRF) was found in kube-controller-manager that can be triggered when using the legacy in-tree Portworx StorageClass. An authorized user with sufficient privileges can cause the controller to make requests to internal, host-network–accessible endpoints,...

5.8 CVSS, 6.5 AI score, 0.00355 EPSS
Exploits 0, References 5
NVD
added 2025/12/15 4:15 p.m., 3 views

CVE-2025-13824

A security issue exists due to improper handling of malformed CIP packets during fuzzing. The controller enters a hard fault with solid red Fault LED and becomes unresponsive. Upon power cycle, the controller will enter recoverable fault where the MS LED and Fault LED become flashing red and...

8.7 CVSS, 0.00314 EPSS
Exploits 0, References 1
Github Security Blog
added 2025/12/15 12:30 a.m., 9 views

kube-controller-manager is vulnerable to half-blind Server Side Request Forgery through in-tree Portworx StorageClass

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

5.8 CVSS, 6.8 AI score, 0.00355 EPSS
Exploits 0, References 8, Affected Software 1
EUVD
added 2025/12/15 12:30 a.m., 4 views

EUVD-2025-203310

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

5.8 CVSS, 6.2 AI score, 0.00355 EPSS
Exploits 0, References 4
OSV
added 2025/12/15 12:30 a.m., 5 views

GHSA-R6J8-C6R2-37RR kube-controller-manager is vulnerable to half-blind Server Side Request Forgery through in-tree Portworx StorageClass

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

5.8 CVSS, 6.7 AI score, 0.00355 EPSS
Exploits 0, References 9
CNNVD
added 2025/12/15 12:0 a.m., 2 views

Rockwell Automation multiple products security vulnerability

The Rockwell Automation Micro820, among others, is a programmable controller from Rockwell Automation USA. A security vulnerability in several Rockwell Automation products, which stems from improper handling of malformed packets by the IPv6 stack, could cause the controller to enter a recoverable...

7.1 CVSS, 6.7 AI score, 0.00177 EPSS
Exploits 0, References 2
Positive Technologies
added 2025/12/15 12:0 a.m., 4 views

PT-2025-51312

Name of the Vulnerable Software and Affected Versions: vion707 DMadmin versions prior to 3403cafdb42537a648c30bf8cbc8148ec60437d1. Description: A cross-site scripting issue exists in vion707 DMadmin. The issue is located in the Add function of the Admin/Controller/AddonsController.class.php file...

4.8 CVSS, 3.4 AI score, 0.00202 EPSS
Exploits 0, References 7
CNNVD
added 2025/12/15 12:0 a.m., 2 views

DMadmin code injection vulnerability

DMadmin is an open-source basic interface framework from vion707 (China). DMadmin has a code injection vulnerability that stems from a cross-site scripting vulnerability in the Add function of the file Admin/Controller/AddonsController.class.php, which can be exploited remotely...

4.8 CVSS, 4.3 AI score, 0.00202 EPSS
Exploits 0, References 5
OSV
added 2025/12/14 10:15 p.m., 8 views

AZL-72382 CVE-2025-13281 affecting package kubernetes for versions less than 1.30.10-18

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

5.8 CVSS, 5.9 AI score, 0.00355 EPSS
Exploits 0, References 1
NVD
added 2025/12/14 10:15 p.m., 7 views

CVE-2025-13281

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

5.8 CVSS, 0.00355 EPSS
Exploits 0, References 3
OSV
added 2025/12/14 10:15 p.m., 6 views

DEBIAN-CVE-2025-13281

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

5.8 CVSS, 7.8 AI score, 0.00355 EPSS
Exploits 0, References 1
OSV
added 2025/12/14 10:15 p.m., 7 views

AZL-72386 CVE-2025-13281 affecting package kubernetes for versions less than 1.28.4-21

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

5.8 CVSS, 5.9 AI score, 0.00355 EPSS
Exploits 0, References 1