CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

33 matches found

Fedora•added 2026/04/16 11:42 p.m.•3 views

[SECURITY] Fedora 44 Update: kf6-kded-6.25.0-1.fc44

KDED stands for KDE Daemon which isn't very descriptive. KDED runs in the background and performs a number of small tasks. Some of these tasks are built in, others are started on demand. Custom KDED modules can be provided by 3rd party frameworks and applications...

5.8AI score

Exploits0

CNNVD•added 2026/04/16 12:0 a.m.•5 views

Luanti 安全漏洞

Luanti is an open-source voxel game engine developed by Luanti itself, supporting mods and game creation. Versions of Luanti prior to 5.5.2 contained security vulnerabilities. These vulnerabilities were caused by improper security environment configuration, which could allow custom modules to...

8.1CVSS5.8AI score0.00006EPSS

Exploits0References2

Drupal•added 2026/03/04 12:0 a.m.•6 views

File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-020

This module moves files to and from private storage depending on the access of its owning entities. The module does not sufficiently incorporate the results of hookfiledownload when a custom or contrib module implements that hook leading to access bypass...

5.3CVSS5.8AI score0.00044EPSS

Exploits0References2

VulnCheck KEV•added 2025/11/27 12:0 a.m.•9 views

VulnCheck KEV: CVE-2025-8943

The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls RBAC. Furthermore, in Flowise versions before 3.0.1 the...

9.8CVSS5.9AI score0.82098EPSS

In wildExploits3References140

Gitee•added 2025/09/13 6:50 p.m.•97 views

pwntools

This is a CTF Capture The Flag framework and exploit development library. It is a Python library that provides a set of tools for developing exploits and performing penetration testing. The library is designed to be extensible and customizable, allowing users to easily add new features and plugin...

7AI score

Exploits0

Tenable Nessus•added 2025/08/05 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2017-6929

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it...

6.1CVSS6.2AI score0.00603EPSS

Exploits0References2

OSV•added 2023/04/26 3:30 p.m.•13 views

GHSA-G36H-4JR6-QMM9 Improper input validation in Drupal core

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...

7.5CVSS7.2AI score0.0047EPSS

Exploits0References3

Github Security Blog•added 2023/04/26 3:30 p.m.•19 views

Improper input validation in Drupal core

7.5CVSS6AI score0.0047EPSS

Exploits0References3Affected Software1

NVD•added 2023/04/26 3:15 p.m.•16 views

CVE-2022-25278

Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules...

6.5CVSS6.5AI score0.00479EPSS

Exploits0References1

UbuntuCve•added 2023/04/26 3:15 p.m.•17 views

CVE-2022-25278

6.5CVSS6.5AI score0.00479EPSS

Exploits0References2

Prion•added 2023/04/26 2:15 p.m.•12 views

Input validation

5CVSS7.3AI score0.0047EPSS

Exploits0References1Affected Software1

UbuntuCve•added 2023/04/26 2:15 p.m.•24 views

CVE-2022-25273

7.5CVSS7AI score0.0047EPSS

Exploits0References2

Vulnrichment•added 2023/04/26 12:0 a.m.•5 views

CVE-2022-25278

6.3AI score0.00479EPSS

Exploits0References1

Vulnrichment•added 2023/04/26 12:0 a.m.•4 views

CVE-2022-25273

7.4AI score0.0047EPSS

Exploits0References1

Drupal•added 2022/05/25 12:0 a.m.•47 views

Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-010

Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released a security update which does not affect Drupal core, but may affect some contributed projects or custom code on Drupal sites. We are issuing this security advisory outside...

8.1CVSS0.4AI score0.00637EPSS

Exploits0References14

Github Security Blog•added 2022/05/14 3:36 a.m.•15 views

Drupal external link injection vulnerability

Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an externa...

5.8CVSS6.8AI score0.00383EPSS

Exploits0References7Affected Software2

OSV•added 2022/05/14 3:36 a.m.•15 views

GHSA-WM86-W3CF-H6VM Drupal external link injection vulnerability

4.7CVSS5.5AI score0.00383EPSS

Exploits0References7

Prion•added 2022/02/16 11:15 p.m.•14 views

Input validation

4.3CVSS7.2AI score0.00355EPSS

Exploits0References3Affected Software2