CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

24701 matches found

Joomla! Component Love Factory 1.3.4 - Local File Inclusion

A directory traversal vulnerability in the Love Factory comlovefactory component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1957 info: name: Joomla! Component Love Factory 1.3.4 - Local File Inclusion...

7.5CVSS6AI score0.14847EPSS

Exploits1References5

Nuclei•added 16 hours ago•23 views

WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting

WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin dashboard. id: CVE-2022-2599 info: name: WordPress Anti-Malware Security an...

6.1CVSS6.2AI score0.00982EPSS

Exploits2References4

IBM Security Bulletins•added 2 days ago•26 views

Security Bulletin: Multiple Vulnerabilities identified in IBM Cloud Pak System

Summary Vulnerabilities identified in Cloud Pak System. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-38716 DESCRIPTION: IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the...

7.5CVSS6.1AI score0.00478EPSS

Exploits0Affected Software1

EUVD•added 2 days ago•7 views

EUVD-2026-38239

AIL did not restrict repeated failed attempts to verify a two-factor authentication OTP code. An attacker who had reached the 2FA verification step, such as after successfully completing the password-authentication stage, could submit an unlimited number of OTP guesses. This could enable...

5.1CVSS5.9AI score0.0033EPSS

Exploits0References1

Cvelist•added 2 days ago•31 views

CVE-2026-56450 AIL Framework - Missing Rate Limiting Enables Brute-Force Attacks Against Two-Factor Authentication Codes

5.1CVSS0.0033EPSS

Exploits0References1

The Hacker News•added 2 days ago•13 views

⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More

It’s Monday again. This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mobile malware asking for way too much control. The annoying part is how little of this feels new. Weak credentials,...

7.2AI score

Exploits0

NVD•added 5 days ago•11 views

CVE-2017-20256

Joomla Survey Force Deluxe 3.2.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the invite parameter. Attackers can send GET requests to the component with crafted SQL payloads in the invite...

8.8CVSS0.00334EPSS

Exploits0References4

EUVD•added 5 days ago•5 views

EUVD-2017-18983

8.8CVSS6.2AI score0.00334EPSS

Exploits0References4

Cvelist•added 5 days ago•28 views

CVE-2017-20256 Joomla Survey Force Deluxe 3.2.4 SQL Injection via invite Parameter

8.8CVSS0.00334EPSS

Exploits0References4

CVE•added 5 days ago•10 views

CVE-2017-20256

Joomla Survey Force Deluxe 3.2.4 is affected by an SQL injection via the invite parameter, allowing unauthenticated attackers to run arbitrary SQL through crafted GET requests and potentially read sensitive database information. Impact is high (unauthenticated, network access, data confidentialit...

8.8CVSS6.2AI score0.00334EPSS

Exploits0References4

AstraLinux•added 5 days ago•1 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: acpi: typec: ucsi: Introduced a -pollcci method For the ACPI backend of UCSI, the UCSI “registers” are merely a memory copy of the register values in an opregion. The ACPI implementation in the BIOS ensures that the contents of t...

5.5CVSS6.2AI score0.00177EPSS

Exploits0References2

AstraLinux•added 5 days ago•6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/gup: Fixed the FOLLFORCE COW security issue and removed FOLLCOW. Since the Dirty COW CVE-2016-5195 security issue occurred, we know that FOLLFORCE can potentially be dangerous, especially if there are races that can be exploit...

7CVSS5.1AI score0.00142EPSS

Exploits0References2

AstraLinux•added 5 days ago•1 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: add a force flush to delay work when radeon Although radeon card fence and wait for gpu to finish processing current batch rings, there is still a corner case that radeon lockup work queue may not be fully flushed, an...

5.5CVSS6.1AI score0.00238EPSS

Exploits0References2

Tenable Nessus•added 6 days ago•5 views

Siemens SIPROTEC 5 Small Space of Random Values (CVE-2024-54017)

Affected devices do not use sufficiently random values to create session identifiers. This could allow an unauthenticated remote attacker to brute force a session identifier and gain read access to limited information from the web server without authorization. This plugin only works with...

6.9CVSS7.2AI score0.00306EPSS

Exploits0References6

NVD•added 2026/06/17 2:17 p.m.•6 views

CVE-2026-54813

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0...

8.5CVSS0.00211EPSS

Exploits0References1

NVD•added 2026/06/17 1:20 p.m.•6 views

CVE-2026-48782

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. In versions 1.56.0 through 1.101.0, 2.0.0b1, and 2.0.0b2, the cloud-metadata blocklist could be bypassed by encoding the metadata IP in an IPv6 transition form that the previous fix, CVE-2026-46678...

6.8CVSS0.00332EPSS

Exploits0References4