CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

229 matches found

EUVD•added 2026/06/05 12:31 a.m.•9 views

EUVD-2026-34769

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. Chromium security severity: Low...

5.8AI score0.00017EPSS

Exploits0References3

Redos•added 2026/06/05 12:0 a.m.•4 views

ROS-20260605-73-0094

The vulnerability in Firefox is related to insecure handling of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...

8.8CVSS5.4AI score0.00048EPSS

Exploits0

Debian CVE•added 2026/06/04 11:6 p.m.•8 views

CVE-2026-11308

6.3CVSS5.4AI score0.00017EPSS

Exploits0

NVD•added 2026/06/02 10:16 a.m.•8 views

CVE-2026-34907

Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting XSS due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and send it to a victim. When the victim opens the link, the...

5.1CVSS0.00062EPSS

Exploits0References2

Positive Technologies•added 2026/06/02 12:0 a.m.•6 views

PT-2026-45724

5.1CVSS5.7AI score0.00062EPSS

Exploits0References3

RedhatCVE•added 2026/01/24 3:17 a.m.•5 views

CVE-2025-67652

An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the likelihood of this type of exploitation, leavi...

6.1CVSS5.5AI score0.00006EPSS

Exploits0References1

ATTACKERKB•added 2026/01/22 10:17 p.m.•2 views

CVE-2025-67652

6.1CVSS5.4AI score0.00006EPSS

Exploits0References3

CNNVD•added 2026/01/12 12:0 a.m.•2 views

cpp-httplib 安全漏洞

cpp-httplib is an HTTP/HTTPS server and client library written in C++ by the individual developer yhirose. A security vulnerability exists in cpp-httplib versions prior to 0.30.1, which stems from insecure handling of compressed HTTP request bodies and could lead to a denial-of-service attack...

8.7CVSS6.4AI score0.00124EPSS

Exploits1References2

CNNVD•added 2026/01/08 12:0 a.m.•1 views

NiceGUI 跨站脚本漏洞

NiceGUI is an easy-to-use, Python-based UI framework from NiceGUI Open Source. A cross-site scripting vulnerability exists in NiceGUI versions 2.22.0 through 3.4.1, which stems from an insecure implementation of the click event listener and could lead to cross-site scripting attacks...

6.1CVSS5.8AI score0.00009EPSS

Exploits1References3

EUVD•added 2025/12/18 6:45 p.m.•3 views

EUVD-2025-204304

tinacms is vulnerable to arbitrary code execution...

8.6CVSS7.4AI score0.00069EPSS

Exploits1References3

OSV•added 2025/10/30 10:15 p.m.•2 views

CVE-2020-36868

Nagios XI versions prior to 5.7.3 contain a privilege escalation vulnerability in the getprofile.sh helper script. The script performed profile retrieval and initialization routines using insecure file/command handling and insufficient validation of attacker-controlled inputs, and in some...

7.8CVSS6AI score0.00053EPSS

Exploits0References2

Cvelist•added 2025/10/30 9:40 p.m.•4 views

CVE-2020-36868 Nagios XI < 5.7.3 Privilege escalation via Insecure getprofile.sh Script

8.5CVSS0.00053EPSS

Exploits0References2

CVE•added 2025/10/30 9:40 p.m.•12 views

CVE-2020-36868

Nagios XI prior to 5.7.3 has a privilege escalation in the getprofile.sh helper script. The script uses insecure file/command handling and insufficient validation of attacker-controlled inputs, and in some deployments can run with elevated privileges. A local attacker with low-level access could ...

8.5CVSS7.2AI score0.00053EPSS

Exploits0References2Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-30510

Malware in sbrugna...

7.8CVSS7.4AI score0.03883EPSS

Exploits0References2

CNNVD•added 2025/10/06 12:0 a.m.•1 views

Four-Faith Water Conservancy Informatization Platform 路径遍历漏洞

Four-Faith Water Conservancy Informatization Platform is a water conservancy informatization system from Four-Faith. A path traversal vulnerability exists in Four-Faith Water Conservancy Informatization Platform version 2.2 and prior versions, which stems from an incorrect manipulation of the...

6.9CVSS5.8AI score0.00077EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-2148

Malicious code in bioql PyPI...

4.4CVSS5AI score0.00369EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2022-1238

Malicious code in bioql PyPI...

9.8CVSS7.7AI score0.0085EPSS

Exploits0References8

Positive Technologies•added 2025/09/05 12:0 a.m.•3 views

PT-2025-36355

Name of the Vulnerable Software and Affected Versions Coder versions 2.22.0 through 2.24.3 Coder versions 2.25.0 and 2.25.1 Description Coder allows organizations to provision remote development environments via Terraform. In affected versions, Coder can be compromised through insecure session...

9.9CVSS6.7AI score0.50933EPSS

Exploits20References53

OSV•added 2025/07/28 7:57 p.m.•2 views

GO-2025-3812 File Browser’s insecure JWT handling can lead to session replay attacks after logout in github.com/filebrowser/filebrowser

File Browser’s insecure JWT handling can lead to session replay attacks after logout in github.com/filebrowser/filebrowser...

9.8CVSS6.1AI score0.0059EPSS

Exploits1References3

RedhatCVE•added 2025/05/22 6:0 a.m.•4 views

CVE-2010-3373

paxtest handles temporary files insecurely...

5.5CVSS7AI score0.00141EPSS

Exploits0References1