CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

775 matches found

Packet Storm News•added 2026/01/01 12:0 a.m.•3 views

Advanced Vulnerability Scanning for Open Source Software: Detection and Mitigation of Log4j Vulnerabilities

Automated detection of software vulnerabilities remains a critical challenge in software security. Log4j is an industrial-grade Java logging framework listed as one of the top 100 critical open source projects. On Dec. 10, 2021 a severe vulnerability Log4Shell was disclosed before being fully...

7.2AI score

Exploits0

NVD•added 2025/12/27 1:15 p.m.•1 views

CVE-2025-15107

A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key . The attack is...

8.1CVSS0.00014EPSS

Exploits1References5

Vulnrichment•added 2025/12/19 4:2 p.m.•1 views

CVE-2025-14954 Open5GS QER/FAR/URR/PDR context.c ogs_pfcp_qer_find_or_add assertion

A vulnerability has been found in Open5GS up to 2.7.6. Affected is the function ogspfcppdrfindoradd/ogspfcpfarfindoradd/ogspfcpurrfindoradd/ogspfcpqerfindoradd in the library lib/pfcp/context.c of the component QER/FAR/URR/PDR. The manipulation leads to reachable assertion. It is possible to...

6.3CVSS4.3AI score0.00063EPSS

Exploits1References8

Hive Pro Threat Advisories•added 2025/11/13 6:8 p.m.•2 views

6 Best CTEM Vendors: A Head-to-Head Comparison

Your team just ran a vulnerability scan and now you’re staring at a list of thousands of CVEs. The big question is, what do you fix first? Relying on CVSS scores alone doesn’t tell you which of these vulnerabilities are actually exploitable in your environment or which ones protect your most...

6.4AI score

Exploits0

Vulnrichment•added 2025/10/27 2:2 p.m.•1 views

CVE-2025-12286 VeePN AVService avservice.exe unquoted search path

A weakness has been identified in VeePN up to 1.6.2. This affects an unknown function of the file C:\Program Files x86\VeePN\avservice\avservice.exe of the component AVService. This manipulation causes unquoted search path. The attack requires local access. A high degree of complexity is needed f...

7.3CVSS5.7AI score0.00006EPSS

Exploits0References5

MSRC•added 2025/10/22 12:0 a.m.•4 views

Toward greater transparency: Introducing machine-readable Vulnerability Exploitability Xchange (VEX) for Azure Linux and beyond

Microsoft is now publishing standard attestations about third-party CVEs through the Vulnerability Exploitability eXchange VEX standard including vulnerabilities in embedded open-source software in Microsoft products and services and starting with the Azure Linux Distribution formerly CBL-Mariner...

6.9AI score

Exploits0

Cvelist•added 2025/10/19 8:32 a.m.•8 views

CVE-2025-11940 LibreWolf Installer setup.nsi uncontrolled search path

A security vulnerability has been detected in LibreWolf up to 143.0.4-1 on Windows. This affects an unknown function of the file assets/setup.nsi of the component Installer. Such manipulation leads to uncontrolled search path. The attack must be carried out locally. Attacks of this nature are...

7.3CVSS0.00013EPSS

Exploits0References6

Qualys Blog•added 2025/10/15 2:15 p.m.•2 views

Bringing the Power of Agentic AI for Identity Risk, Adaptive Threat Prioritization, and Exposure Exploitability Validation

Qualys Enterprise TruRisk Management ETM extends the power of risk operations with agentic AI — Introducing ETM Identity, TruLens for industry-based threat prioritization, and TruConfirm exposure exploitability validation to accelerate your remediation. Every year at our yearly conference, now...

6.7AI score

Exploits0

Qualys Blog•added 2025/10/15 2:10 p.m.•6 views

Introducing TruConfirm for Enterprise TruRisk™ Management: Automated Exposure Validation

Enterprise security leaders and their teams face an impossible challenge: drowning in thousands of critical exposures in an ever-expanding attack surface while simultaneously trying to determine which ones pose a genuine risk of exploitation in their organizational environment. Traditional CVSS...

6.4AI score

Exploits0

Vulnrichment•added 2025/10/12 10:2 p.m.•1 views

CVE-2025-11648 Tomofun Furbo 360/Furbo Mini GATT Interface URL TF_FQDN.json server-side request forgery

A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. Impacted is an unknown function of the file TFFQDN.json of the component GATT Interface URL Handler. Such manipulation leads to server-side request forgery. The attack may be performed from remote. Attacks of this nature are high...

6.3CVSS5.4AI score0.00086EPSS

Exploits1References4

OSV•added 2025/10/12 7:15 p.m.•2 views

CVE-2025-11641

A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. This impacts an unknown function of the component Trial Restriction Handler. This manipulation causes improper access controls. It is feasible to perform the attack on the physical device. The attack is considered to have high...

6.4CVSS5.4AI score

Exploits0References3

Cvelist•added 2025/10/12 3:2 p.m.•6 views

CVE-2025-11636 Tomofun Furbo 360 Account server-side request forgery

A security vulnerability has been detected in Tomofun Furbo 360 up to FB0035FW036. This issue affects some unknown processing of the component Account Handler. Such manipulation leads to server-side request forgery. The attack can be executed remotely. This attack is characterized by high...

6.3CVSS0.00041EPSS

Exploits0References3