CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3856 matches found

CVE•added 2025/12/02 6:32 p.m.•11 views

CVE-2025-66459

CVE-2025-66459 affects Lookyloo prior to version 1.35.3. The vulnerability is an XSS caused by unescaped/error message content that is propagated to innerHTML when a capture fails and the list of URLs includes an HTML element. Multiple connected sources (NVD, Red Hat, CVE list, OSV, CNNVD, etc.) ...

6.1CVSS5.6AI score0.00253EPSS

Exploits0References4Affected Software1

CNNVD•added 2025/12/02 12:0 a.m.•3 views

Lookyloo 跨站脚本漏洞

Lookyloo is a website capture tool from Lookyloo open source. A cross-site scripting vulnerability exists in Lookyloo versions prior to 1.35.3, which stems from an unfiltered URL in an error message and could lead to a cross-site scripting attack...

6.1CVSS6AI score0.00253EPSS

Exploits0References5

Positive Technologies•added 2025/12/02 12:0 a.m.•4 views

PT-2025-48752

Name of the Vulnerable Software and Affected Versions Lookyloo versions prior to 1.35.3 Description Lookyloo is a web interface used to capture website pages and display a tree of domains that interact with each other. A cross-site scripting XSS issue can occur when a user submits URLs for captur...

6.1CVSS5.3AI score0.00253EPSS

Exploits0References7

OSV•added 2025/11/20 8:16 p.m.•4 views

CVE-2025-52671

Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use...

4.3CVSS6.8AI score

Exploits0References1

Positive Technologies•added 2025/11/20 12:0 a.m.•8 views

PT-2025-47621

4.3CVSS6.8AI score0.00307EPSS

Exploits1References1

CNNVD•added 2025/11/13 12:0 a.m.•3 views

Directus 安全漏洞

Directus is a real-time Api and application dashboard open-sourced by Directus. It is used to manage Sql database content. A security vulnerability exists in Directus versions prior to 11.13.0 that stems from a REST API error message discrepancy that could lead to the disclosure of unauthorized...

4.3CVSS6.1AI score0.00302EPSS

Exploits1References3

Tenable Nessus•added 2025/11/13 12:0 a.m.•4 views

Siemens SIMATIC S7-1500 Generation of Error Message Containing Sensitive Information (CVE-2022-0563)

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an INPUTRC environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the...

5.5CVSS6.3AI score0.0043EPSS

Exploits0References4

Snyk•added 2025/11/07 1:41 a.m.•3 views

Cross-site Scripting (XSS)

Overview @nuxt/devtools is a Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper sanitization of error messages on DevTools authentication page. An attacker can extract authentication tokens by tricking a user into interacting with maliciously crafted...

6.9CVSS5.5AI score0.002EPSS

Exploits1References2

EUVD•added 2025/10/30 12:31 a.m.•4 views

EUVD-2025-36737

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

5.3CVSS6.2AI score0.00414EPSS

Exploits0References5

CNNVD•added 2025/10/29 12:0 a.m.•3 views

Google Go 安全漏洞

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google USA. A security vulnerability exists in Google Go that stems from an error message not escaping attacker-controlled data when ALPN negotiation fails, which could lead to informatio...

5.3CVSS6.1AI score0.00414EPSS

Exploits0References5

EUVD•added 2025/10/16 9:31 p.m.•4 views

EUVD-2025-34831

D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the responses differ in the...

6.9CVSS6.6AI score0.00954EPSS

Exploits0References4

Vulnrichment•added 2025/10/16 6:52 p.m.•3 views

CVE-2025-34254 D-Link Nuclias Connect <= v1.3.1.4 Login Account Enumeration

6.9CVSS6.8AI score0.00954EPSS

Exploits0References3

ATTACKERKB•added 2025/10/16 6:52 p.m.•3 views

CVE-2025-34254

6.9CVSS5.8AI score0.00954EPSS

Exploits0References4

RedhatCVE•added 2025/10/15 5:44 p.m.•2 views

CVE-2025-55676

Generation of error message containing sensitive information in Windows USB Video Driver allows an authorized attacker to disclose information locally...

5.5CVSS6.4AI score0.00599EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•7 views

EUVD-2015-8546

Malware in sbrugna...

5.3CVSS5.7AI score0.02197EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2012-0097

Malware in sbrugna...

4.3CVSS6.1AI score0.01642EPSS

Exploits0References6