911 matches found
MAL-2025-40960 Malicious code in zeta-fire-throw-dog-encode (npm)
The package zeta-fire-throw-dog-encode was found to contain malicious code...
MAL-2025-20702 Malicious code in float-module-export-encode-parse (npm)
The package float-module-export-encode-parse was found to contain malicious code...
Malicious code in fire-new-encode-fire-transpile (npm)
The package fire-new-encode-fire-transpile was found to contain malicious code...
Malicious code in sandbox-encode-string-view-good (npm)
The package sandbox-encode-string-view-good was found to contain malicious code...
Malicious code in tau-encode-web-sed-small (npm)
The package tau-encode-web-sed-small was found to contain malicious code...
Malicious code in omega-pipe-stub-encode-easy (npm)
The package omega-pipe-stub-encode-easy was found to contain malicious code...
Malicious code in xi-shell-zeta-assert-encode (npm)
The package xi-shell-zeta-assert-encode was found to contain malicious code...
MAL-2025-32665 Malicious code in sandbox-encode-string-view-good (npm)
The package sandbox-encode-string-view-good was found to contain malicious code...
Malicious code in interface-signal-encode-authorize-big (npm)
The package interface-signal-encode-authorize-big was found to contain malicious code...
Malicious code in virtualize-encode-fire-sudo-finally (npm)
The package virtualize-encode-fire-sudo-finally was found to contain malicious code...
MAL-2025-36803 Malicious code in theta-encode-daemon-rho-rain (npm)
The package theta-encode-daemon-rho-rain was found to contain malicious code...
MAL-2025-19087 Malicious code in easy-encode-notify-emulate-cache (npm)
The package easy-encode-notify-emulate-cache was found to contain malicious code...
Linux Distros Unpatched Vulnerability : CVE-2025-30348
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string with relocation of later dat...
PT-2025-30676 · Wwbn +1 · Avideo +1
Name of the Vulnerable Software and Affected Versions: WWBN AVideo version 14.4; WWBN AVideo dev master commit 8a8954ff. Description: A cross-site scripting (XSS) issue exists in the LoginWordPress loginForm cancelUri parameter functionality. A crafted HTTP request can lead to arbitrary JavaScript...
Thinkgem JeeSite Code Injection Vulnerability
Thinkgem JeeSite is an open source Java EE enterprise-class rapid development platform for China Zhuo Yuan Thinkgem company. The platform includes system permissions components, data permissions components, data dictionary components, core tools components, view manipulation components,...
AZL-65048 CVE-2025-7345 affecting package gdk-pixbuf2 for versions less than 2.40.0-8
A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib's g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory,...
CVE-2025-6209
A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the encode_image function in generic_utils.py. This vulnerability allows an attacker to manipulate the image_path input to read arbitrary files on the server, including sensitive syste...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: llama-index-core is an interface between LLMs and your data. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the encode_image function. An attacker can access arbitrary files on the server by supplying crafted image_path values...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the ImagingBcnEncode function. An attacker can cause memory corruption or potentially execute arbitrary code by saving a specially crafted, large DDS image file as compressed data. Note: This is only...
SUSE CVE-2025-6816
A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to...