34 matches found
EUVD-2026-32153
A use of GET request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local attackers to obtain sensitive information...
ShellHub Security Vulnerability
ShellHub is an open-source remote device access and management platform developed by ShellHub. Versions of ShellHub prior to 0.24.2 contained security vulnerabilities. These vulnerabilities stemmed from the GET /api/devices/:uid request, which returned the complete device object for any...
Use of GET Request Method With Sensitive Query Strings
Overview: @immich/sdk is an auto-generated TypeScript SDK for the Immich API. Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings via the transmission of authentication credentials in the password parameter within the HTTP request query string...
Use of GET Request Method With Sensitive Query Strings
Overview: Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings in the OAuth provider callback flow. An attacker can gain unauthorized access to sensitive information by intercepting refresh tokens exposed in URL query parameters through browser...
Use of GET Request Method With Sensitive Query Strings
Overview: Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings in the c.IsTokenAuth checks in API routes. An attacker can obtain sensitive access tokens by inspecting URL parameters in logs, browser history, or referrer headers. Remediation...
Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-012
This module allows site builders to create so-called "themerule" config entities. These theme rules can render pages with different themes than the default when certain conditions match. The module uses a simple GET request to disable or enable theme rules, which allows attackers to disable or enab...
PT-2025-44195
Name of the Vulnerable Software and Affected Versions: jshERP versions prior to commit 90c411a. Description: An access control issue exists in the /jshERP-boot/user/info interface of jshERP. An attacker can obtain sensitive information by sending a specially crafted GET request to this interface. Th...
CVE-2025-11166
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 9.0.46. This is due to the plugin exposing state-changing REST actions through an AJAX bridge without proper CSRF token validation, and having...
EUVD-2013-5329
Malware in sbrugna...
EUVD-2020-3185
Malware in sbrugna...
EUVD-2024-53624
Malicious code in bioql PyPI...
EUVD-2022-27697
Malicious code in bioql PyPI...
EUVD-2025-16143
Malicious code in bioql PyPI...
EUVD-2022-1929
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-35381
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call. (CVE-2020-35381) Note that Nessus...
CVE-2024-28734
Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter...
CVE-2021-36351
SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear parameters in GET requests sent to /modules/nursing/nursing-station.php...
CVE-2020-15337
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests...
CVE-2024-9877
Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini. This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4...
Fortinet FortiOS Security Vulnerabilities
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSL VPN, web content filtering, and antispam security features. A security vulnerability exists in Fortinet...