9157 matches found
SnailJob Security Vulnerability
SnailJob is a flexible, reliable and efficient distributed task retrying and task scheduling platform from aizuda open source. A security vulnerability exists in SnailJob 1.6.0 and earlier versions, which stems from a change to the file...
WordPress plugin NewStatPress Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripti...
MGASA-2025-0321 Updated xkbcomp packages fix security vulnerabilities
Endless recursion in xkbcomp/expr.c resulting in a crash. CVE-2018-15853 NULL pointer dereference when parsing invalid atoms in ExprResolveLhs resulting in a crash. CVE-2018-15859 NULL pointer dereference in ExprResolveLhs resulting in a crash. CVE-2018-15861 NULL pointer dereference in...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-5197.
Summary IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-5197. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-5197 DESCRIPTION: A Regular Expression Deni...
RLSA-2023:2654 Moderate: nodejs:18 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.14.2. Security Fixes: glob-parent: Regular Expression Denial of Service...
Grav Code Execution Vulnerability
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a code execution vulnerability that stems from malicious Twig expression injection, which can be exploited by an attacker to cause...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the validatequery routine used for FTS5 query validation. The regular expression used to tokenize user-supplied search strings contains nested repetition, allowing crafted input to trigger...
EUVD-2025-200105
Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter...
Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter
Endpoint: admin/config/system Submenu: Languages Parameter: Supported Application: Grav v 1.7.48 --- Summary A Denial of Service DoS vulnerability was identified in the "Languages" submenu of the Grav admin configuration panel /admin/config/system. Specifically, the Supported parameter fails to...
GHSA-X62Q-P736-3997 Grav is vulnerable to a DOS on the admin panel
DOS on the admin panel Severity Rating: Medium Vector: Denial Of Service CVE: XXX CWE: 400 - Uncontrolled Resource Consumption CVSS Score: 4.9 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Analysis A Denial of Service DoS vulnerability has been identified in the application related to...
EUVD-2025-200107
Grav is vulnerable to a DOS on the admin panel...
Denial of Service (DoS)
Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Denial of Service DoS via improper handling of the scheduledat parameter. An attacker can cause the admin panel to become non-functional by...
CVE-2025-66305
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service DoS vulnerability was identified in the "Languages" submenu of the Grav admin configuration panel /admin/config/system. Specifically, the Supported parameter fails to properly validate user input. If a malformed value ...
CVE-2025-66303
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service DoS vulnerability has been identified in Grav related to the handling of scheduledat parameters. Specifically, the application fails to properly sanitize input for cron expressions. By manipulating the scheduledat...
CVE-2025-66305 Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service DoS vulnerability was identified in the "Languages" submenu of the Grav admin configuration panel /admin/config/system. Specifically, the Supported parameter fails to properly validate user input. If a malformed value ...
CVE-2025-66303 Grav is vulnerable to a DOS on the admin panel
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service DoS vulnerability has been identified in Grav related to the handling of scheduledat parameters. Specifically, the application fails to properly sanitize input for cron expressions. By manipulating the scheduledat...