368 matches found
PT-2025-25377 · WordPress · Wp Sliding Login/Dashboard Panel
Name of the Vulnerable Software and Affected Versions: WP Sliding Login/Dashboard Panel plugin versions up to, and including, 2.1.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the wp sliding panel user options function. This allo...
PT-2025-23854 · Listmonk · Listmonk
Name of the Vulnerable Software and Affected Versions: Listmonk versions 2.4.0 through 4.1.0 Description: The issue allows attackers to escalate privileges through SQL Injection in the QuerySubscribers function. Recommendations: For versions 2.4.0 through 4.1.0, consider disabling the...
CVE-2025-48472
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure that the user is disabling notifications for the mailbox to which they already have access. Moreover, the code explicitly implements functionality that if the user does not have...
PT-2025-23510 · Linksys · Linksys Re9000 +5
Name of the Vulnerable Software and Affected Versions: Linksys RE6500 versions 1.0.013.001 through 1.2.07.001; Linksys RE6250 versions 1.0.013.001 through 1.2.07.001; Linksys RE6300 versions 1.0.013.001 through 1.2.07.001; Linksys RE6350 versions 1.0.013.001 through 1.2.07.001; Linksys RE7000 version...
CVE-2024-45298
Wiki.js is an open source wiki app built on Node.js. A disabled user can still gain access to a wiki by abusing the password reset function. While setting up SMTP e-mails on my server, I tested said e-mails by performing a password reset with my test user. To my shock, not only did it let me res...
CVE-2022-34817
A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs...
CVE-2021-22511
Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow unconditional disabling of SSL/TLS certificates...
CVE-2019-15685
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker to remotely disable such product's security features as private browsing and...
CVE-2019-15686
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker to remotely disable various anti-virus protection features. DoS, Bypass...
PT-2025-21512 · WordPress · Javascript Logic
Name of the Vulnerable Software and Affected Versions: JavaScript Logic WordPress plugin versions 0.1 and earlier Description: The issue concerns a lack of CSRF check in some areas of the plugin, along with missing sanitization and escaping. This could allow attackers to make logged-in admins add...
PT-2025-22646 · Openssl +1 · Openssl +1
Name of the Vulnerable Software and Affected Versions: openssl-3 affected versions not specified Description: The issue concerns a timing side channel vulnerability in the P-384 implementation when used with ECDSA in the PPC architecture. Additionally, there is a missing null pointer check before...
Palo Alto Networks Cortex XDR Broker VM Access Control Error Vulnerability
Palo Alto Networks Cortex XDR Broker VM is a secure virtual machine from Palo Alto Networks, Inc. that integrates with Cortex XDR to bridge the network and Cortex XDR. A security vulnerability exists in the Palo Alto Networks Cortex XDR Broker VM that stems from a lack of authentication that coul...
Palo Alto Networks GlobalProtect Security Vulnerability
Palo Alto Networks GlobalProtect is a suite of network protection software from Palo Alto Networks, USA. The software provides features such as firewall monitoring and threat prevention. A security vulnerability exists in Palo Alto Networks GlobalProtect that stems from an improper assignment of...
PT-2025-20560
Name of the Vulnerable Software and Affected Versions: Avira Prime version 1.1.96.2 Description: The issue allows local attackers to gain system-level privileges via arbitrary file deletion. This is a local privilege escalation issue in Avira.Spotlight.Service.exe. Recommendations: For Avira Prim...
CVE-2022-49933
No description is available for this CVE...
CVE-2022-49933
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2022-49933
CVE-2022-49933 is rejected and not an active vulnerability entry.
libreoffice security update
5.3.6.1-26.0.3 - Fix CVE-2025-1080, do not process macros in exotic uri schemes Orabug: 37770225...