5243 matches found

Vulnrichment
added 2025/11/07 5:47 p.m. | 4 views

CVE-2025-64347 Apollo Router Improperly Enforces Renamed Access Control Directives

Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes...

CVSS 7.5 | AI score 6.3 | EPSS 0.00272
Exploits: 0 | References: 2
CVE
added 2025/11/07 5:47 p.m. | 18 views

CVE-2025-64347

CVE-2025-64347 concerns Apollo Router Core. Affected: Router Core with Apollo Federation 2, specifically versions 1.61.12-rc.0 and below, and 2.8.1-rc.0 and below. Root cause: access control directives renamed via @link imports were not enforced on renamed schema elements (e.g., fields and types)...

CVSS 7.5 | AI score 6.3 | EPSS 0.00272
Exploits: 0 | References: 2
RedhatCVE
added 2025/11/07 5:32 p.m. | 5 views

CVE-2025-62044

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Theme Elements for WPBakery thegem-elements. This issue affects TheGem Theme Elements for WPBakery: from n/a through <= 5.10.5.1...

CVSS 6.5 | AI score 6.4 | EPSS 0.00218
Exploits: 0 | References: 1
RedhatCVE
added 2025/11/07 5:32 p.m. | 4 views

CVE-2025-62045

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodexThemes TheGem Theme Elements for WPBakery thegem-elements. This issue affects TheGem Theme Elements for WPBakery: from n/a through <= 5.10.5.1...

CVSS 8.1 | AI score 7.1 | EPSS 0.00443
Exploits: 0 | References: 1
EUVD
added 2025/11/06 6:32 p.m. | 3 views

EUVD-2025-38066

A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...

CVSS 7.1 | AI score 5.9 | EPSS 0.00288
Exploits: 1 | References: 3
EUVD
added 2025/11/06 6:32 p.m. | 4 views

EUVD-2025-38079

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Theme Elements for WPBakery thegem-elements. This issue affects TheGem Theme Elements for WPBakery: from n/a through <= 5.10.5.1...

CVSS 6.5 | AI score 5.9 | EPSS 0.00218
Exploits: 0 | References: 2
EUVD
added 2025/11/06 6:32 p.m. | 4 views

EUVD-2025-38078

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodexThemes TheGem Theme Elements for WPBakery thegem-elements. This issue affects TheGem Theme Elements for WPBakery: from n/a through <= 5.10.5.1...

CVSS 8.1 | AI score 6.6 | EPSS 0.00443
Exploits: 0 | References: 2
NVD
added 2025/11/06 4:16 p.m. | 18 views

CVE-2025-62044

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Theme Elements for WPBakery thegem-elements. This issue affects TheGem Theme Elements for WPBakery: from n/a through <= 5.10.5.1...

CVSS 6.5 | EPSS 0.00218
Exploits: 0 | References: 1
NVD
added 2025/11/06 4:16 p.m. | 9 views

CVE-2025-62045

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodexThemes TheGem Theme Elements for WPBakery thegem-elements. This issue affects TheGem Theme Elements for WPBakery: from n/a through <= 5.10.5.1...

CVSS 8.1 | EPSS 0.00443
Exploits: 0 | References: 1
Cvelist
added 2025/11/06 3:55 p.m. | 10 views

CVE-2025-62045 WordPress TheGem Theme Elements (for WPBakery) plugin <= 5.10.5.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodexThemes TheGem Theme Elements for WPBakery thegem-elements. This issue affects TheGem Theme Elements for WPBakery: from n/a through <= 5.10.5.1...

CVSS 8.1 | EPSS 0.00443
Exploits: 0 | References: 1
CVE
added 2025/11/06 3:55 p.m. | 22 views

CVE-2025-62045

CVE-2025-62045 is a Local File Inclusion vulnerability in the WordPress plugin TheGem Theme Elements (for WPBakery) — TheGem Elements (thegem-elements). Affected versions are up to 5.10.5.1. Root cause: improper control of the filename used in include/require statements in PHP, enabling LFI. Impa...

CVSS 8.1 | AI score 6.7 | EPSS 0.00443
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/06 3:55 p.m. | 4 views

CVE-2025-62044 WordPress TheGem Theme Elements (for WPBakery) plugin <= 5.10.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Theme Elements for WPBakery thegem-elements. This issue affects TheGem Theme Elements for WPBakery: from n/a through <= 5.10.5.1...

CVSS 6.5 | AI score 6 | EPSS 0.00218
Exploits: 0 | References: 1
Cvelist
added 2025/11/06 3:55 p.m. | 12 views

CVE-2025-62044 WordPress TheGem Theme Elements (for WPBakery) plugin <= 5.10.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Theme Elements for WPBakery thegem-elements. This issue affects TheGem Theme Elements for WPBakery: from n/a through <= 5.10.5.1...

CVSS 6.5 | EPSS 0.00218
Exploits: 0 | References: 1
CVE
added 2025/11/06 3:55 p.m. | 19 views

CVE-2025-62044

CVE-2025-62044 corresponds to a cross-site scripting (XSS) vulnerability in TheGem Theme Elements (for WPBakery) by CodexThemes. Multiple connected sources (NVD/Red Hat/EUVD/Wordfence/PATCHSTACK) confirm the issue affects TheGem Theme Elements (for WPBakery): input neutralization during web page ...

CVSS 6.5 | AI score 6 | EPSS 0.00218
Exploits: 0 | References: 1
EUVD
added 2025/11/06 3:53 p.m. | 3 views

EUVD-2025-38004

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hiecor HieCOR Payment Gateway Plugin hcv4-payment-gateway allows SQL Injection. This issue affects HieCOR Payment Gateway Plugin: from n/a through <= 1.5.11...

AI score 7.1 | EPSS 0.003
Exploits: 0 | References: 2
Github Security Blog
added 2025/11/06 3:45 p.m. | 10 views

Apollo Router Improperly Enforces Renamed Access Control Directives

Summary: A vulnerability in Apollo Router allowed for unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes, and @policy that were renamed via @link imports. Router did not enforce renamed access control directives on schema...

CVSS 7.5 | AI score 6.9 | EPSS 0.00272
Exploits: 0 | References: 4 | Affected Software: 1
CNNVD
added 2025/11/06 12:00 a.m. | 4 views

WordPress plugin TheGem Theme Elements security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 8.1 | AI score 6.7 | EPSS 0.00443
Exploits: 0 | References: 1
CNNVD
added 2025/11/06 12:00 a.m. | 3 views

WordPress plugin TheGem Theme Elements security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 6.5 | AI score 6 | EPSS 0.00218
Exploits: 0 | References: 1
Positive Technologies
added 2025/11/06 12:00 a.m. | 6 views

PT-2025-45309

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Theme Elements for WPBakery thegem-elements. This issue affects TheGem Theme Elements for WPBakery: from n/a through <= 5.10.5.1...

CVSS 6.5 | AI score 6.4 | EPSS 0.00218
Exploits: 0 | References: 2
Tenable Nessus
added 2025/11/06 12:00 a.m. | 7 views

Oracle Linux 10 : qt6-qtsvg (ELSA-2025-19772)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-19772 advisory. 6.8.1-1.1 - Fix CVE-2025-10729: Prevent dangling pointers from misplaced elements Resolves: RHEL-119697 Tenable has extracted the preceding description block...

CVSS 9.4 | AI score 8.2 | EPSS 0.00199
Exploits: 0 | References: 2