CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

RedhatCVE•added 2025/12/13 12:9 p.m.•2 views

CVE-2025-14159

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.2. This is due to missing nonce validation on the 'ayssccpresultsexportfile' AJAX action. This makes it possible for unauthenticated...

4.3CVSS4.8AI score0.00013EPSS

Exploits0References1

RedhatCVE•added 2025/04/17 11:22 p.m.•4 views

CVE-2025-24850

An attacker can export other users' plant information...

6.9CVSS6.9AI score0.00399EPSS

Exploits0References3

Vulnrichment•added 2025/04/15 9:33 p.m.•5 views

CVE-2025-24850 Growatt Cloud portal Authorization Bypass Through User-Controlled Key

An attacker can export other users' plant information...

6.9CVSS5.6AI score0.00399EPSS

Exploits0References1

RedhatCVE•added 2025/02/27 10:28 a.m.•20 views

CVE-2024-13693

The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9. This makes it possible for unauthenticated attackers to export all avia settings which may included sensitive...

5.3CVSS6.3AI score0.00353EPSS

Exploits0References1

OSV•added 2024/03/20 8:15 p.m.•0 views

CVE-2024-23721

A Directory Traversal issue was discovered in processpost on Draytek Vigor3910 4.3.2.5 devices. When sending a certain POST request, it calls the function and exports information...

7.5CVSS5.8AI score0.0117EPSS

Exploits0References2

Cvelist•added 2023/04/14 12:0 a.m.•11 views

CVE-2022-45180

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskDOMAIN/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system a...

6.5AI score0.00328EPSS

Exploits1References1

Prion•added 2018/04/27 4:29 p.m.•10 views

Code injection

Brookins Consulting BC Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data...

7.5CVSS7.4AI score0.03164EPSS

Exploits0References3Affected Software1

NVD•added 2018/04/27 4:29 p.m.•8 views

CVE-2014-2552

Brookins Consulting BC Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data...

9.8CVSS9.6AI score0.03164EPSS

Exploits0References3

Cvelist•added 2018/04/27 4:0 p.m.•9 views

CVE-2014-2552

Brookins Consulting BC Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data...

9.7AI score0.03164EPSS

Exploits0References3

CVE•added 2018/04/27 4:0 p.m.•32 views

CVE-2014-2552

The CVE-2014-2552 entry concerns Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0, which is described as not properly restricting access to sensitive data. The incident is exploitable remotely with network access and requires no authentication, enabling partial...

9.8CVSS9.4AI score0.03164EPSS

Exploits0References3Affected Software1

CNVD•added 2017/06/20 12:0 a.m.•2 views

Elasticsearch Logstash Denial of Service Vulnerability

Elasticsearch Logstash is a set of log analysis and monitoring tools from Elasticsearch Netherlands. The tool provides functions such as search, processing and management of logs or events. A security vulnerability exists in Elasticsearch Logstash versions prior to 2.3.3. A remote attacker can...

7.5CVSS6.7AI score0.00598EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by