CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8850 matches found

CNNVD•added 2025/10/22 12:0 a.m.•4 views

WordPress plugin SmilePure 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

8.1CVSS6.7AI score0.00488EPSS

Exploits0References1

CNNVD•added 2025/10/22 12:0 a.m.•5 views

WordPress plugin Medizin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

8.1CVSS6.7AI score0.00488EPSS

Exploits0References1

Positive Technologies•added 2025/10/22 12:0 a.m.•6 views

PT-2025-43280

Name of the Vulnerable Software and Affected Versions ThemeMove Businext versions prior to 2.4.4 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...

8.2CVSS6.4AI score0.00488EPSS

Exploits0References4

Positive Technologies•added 2025/10/22 12:0 a.m.•3 views

PT-2025-43274

Name of the Vulnerable Software and Affected Versions Karzo versions prior to 2.6 Description The software contains a flaw related to improper control of filenames used in include/require statements, potentially leading to PHP Local File Inclusion. This allows for the inclusion of local files...

8.1CVSS6.4AI score0.00473EPSS

Exploits0References4

OSV•added 2025/10/17 5:40 p.m.•5 views

JLSEC-2025-83 An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

7.5CVSS7AI score0.01375EPSS

Exploits3References2

Veracode•added 2025/10/14 7:3 a.m.•5 views

Regular Expression Denial Of Service (ReDoS)

transformers is vulnerable to a Regular Expression Denial Of Service ReDoS. The vulnerability is due to the douseweightdecay method in the AdamWeightDecay optimizer processing user-controlled regular expressions in the includeinweightdecay and excludefromweightdecay lists, which allows an attacke...

7.5CVSS6.9AI score0.00467EPSS

Exploits1References5Affected Software1

Vulnrichment•added 2025/10/10 8:55 a.m.•2 views

CVE-2025-52655 HCL MyXalytics is affected by a Cross-Domain Script Include vulnerability.

Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6 allows Loading third-party scripts without integrity checks or validation can allow external code run in the application's context, risking data exposure...

3.1CVSS6.8AI score0.00171EPSS

Exploits0References1

CVE•added 2025/10/10 8:55 a.m.•8 views

CVE-2025-52655

CVE-2025-52655 affects HCL MyXalytics 6.6. The flaw is inclusion of functionality from an untrusted control sphere, allowing loading of third‑party scripts without integrity checks or validation. This can cause external code to run in the application's context, risking data exposure. Exploitation...

3.1CVSS6.8AI score0.00171EPSS

Exploits0References1