
7 matches found

IBM Security Bulletins
added 2026/03/17 11:59 a.m. | 11 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses fontTools dependency which is vulnerable to CVE-2025-66034.

Summary: IBM Maximo Application Suite - Visual Inspection Component uses fontTools dependency which is vulnerable to CVE-2025-66034. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details: CVEID: CVE-2025-66034. DESCRIPTION: fontTools is a library fo...

CVSS 9.8 | AI score 6.4 | EPSS 0.00085 | Exploits 9 | Affected Software 1
GithubExploit
added 2026/03/16 10:57 p.m. | 147 views

Exploit for XML Injection (aka Blind XPath Injection) in Fonttools

No d...

CVSS 9.8 | AI score 6.7 | EPSS 0.00085 | Exploits 9
IBM Security Bulletins
added 2026/02/02 4:22 a.m. | 8 views

Security Bulletin: The IBM Maximo Application Suite AI-Service component uses multiple third-party dependencies that contain vulnerabilities associated with multiple CVEs.

Summary: The IBM Maximo Application Suite AI-Service component uses "fonttools-4.44.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl, fonttools-4.55.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl, werkzeug-3.0.6-py3-none-any.whl, filelock-3.13.4-py3-none-any.whl,...

CVSS 9.8 | AI score 6.7 | EPSS 0.00945 | Exploits 11 | Affected Software 1
IBM Security Bulletins
added 2026/01/30 5:39 a.m. | 13 views

Security Bulletin: IBM Maximo Application Suite uses werkzeug-3.1.3, fonttools-4.60.0-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl, lodash.clonedeep-4.5.0.tgz, js-yaml-4.1.0.tgz, mdast-util-to which is vulnerable to multiple CVEs

Summary: IBM Maximo Application Suite uses werkzeug-3.1.3-py3-none-any.whl, fonttools-4.60.0-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl, lodash.clonedeep-4.5.0.tgz, js-yaml-4.1.0.tgz, mdast-util-to which is vulnerable to CVE-2025-66221, CVE-2025-66034, CVE-2018-16487, CVE-2025-64718,...

CVSS 9.8 | AI score 6.2 | EPSS 0.00468 | Exploits 11 | Affected Software 1
Snyk
added 2025/11/29 1:40 a.m. | 29 views

XML Injection

Overview: fonttools provides tools to manipulate font files. Affected versions of this package are vulnerable to XML Injection via the main function in the fontTools/varLib/__init__.py file. An attacker can write files to the filesystem by supplying a specially crafted .designspace file. Remediation: Upgrad...

CVSS 9.8 | AI score 7.1 | EPSS 0.00085 | Exploits 9 | References 2
Circl
added 2025/11/28 4:11 p.m. | 10 views

CVE-2025-66034

creationtimestamp | type | source
---|---|---
2025-11-28 16:11:02+00:00 | published-proof-of-concept | https://github.com/fonttools/fonttools/security/advisories/GHSA-768j-98cg-p3fv
2025-11-29 17:58:20+00:00 | seen | ...

CVSS 9.8 | AI score 7.1 | EPSS 0.00085 | Exploits 9 | References 9
Tenable Nessus
added 2025/07/25 12:0 a.m. | 2 views

NewStart CGSL MAIN 7.02 : fonttools Vulnerability (NS-SA-2025-0156)

The remote NewStart CGSL host, running version MAIN 7.02, has fonttools packages installed that are affected by a vulnerability: - fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker...

CVSS 7.5 | AI score 7.5 | EPSS 0.00353 | Exploits 1 | References 3