CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

25 matches found

EUVD•added 2026/06/15 8:19 p.m.•5 views

EUVD-2026-36887

Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot = 1.3.7 versions...

9.8CVSS5.3AI score0.00383EPSS

Exploits0References1

Cvelist•added 2026/04/13 7:15 a.m.•28 views

CVE-2026-0234 Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources...

9.2CVSS0.00236EPSS

Exploits0References1

CNNVD•added 2026/04/10 12:0 a.m.•7 views

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained security vulnerabilities. These vulnerabilities stemmed from the MCP integration, which inherited complete environment variables when executing commands provid...

5.5CVSS5.8AI score0.00182EPSS

Exploits0References2

OSV•added 2026/03/26 6:41 p.m.•1 views

GHSA-MR6Q-RP88-FX84 Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`

Summary The @astrojs/vercel serverless entrypoint reads the x-astro-path header and xastropath query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel's platform-level path restrictions entirel...

6.5CVSS6.7AI score0.00331EPSS

Exploits1References7

CVE•added 2025/10/23 3:38 a.m.•10 views

CVE-2025-47699

CVE-2025-47699 affects Gallagher Command Centre Server via the Morpho integration. Root cause: Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497). Affected versions: 9.30 before 9.30.2482 (MR2), 9.20 before 9.20.2819 (MR4), 9.10 before 9.10.3672 (MR7), 9.00 befor...

9.9CVSS6AI score0.00309EPSS

Exploits0References1

Cvelist•added 2025/10/23 3:38 a.m.•9 views

CVE-2025-47699

Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-497 in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to...

9.9CVSS0.00309EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-0284

Malware in sbrugna...

9.3CVSS8.1AI score0.01682EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-8355

Malware in sbrugna...

9.8CVSS9.2AI score0.00765EPSS

Exploits1References2

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2022-15337

Malicious code in bioql PyPI...

4.3CVSS4.7AI score0.00974EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2025-7828

Malicious code in bioql PyPI...

7.1CVSS9.2AI score0.00143EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-35026

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00191EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2024-34029

Malicious code in bioql PyPI...

6.4CVSS8.8AI score0.004EPSS

Exploits0References3

Cvelist•added 2025/07/19 4:23 a.m.•8 views

CVE-2025-7696 Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.2.3 - Unauthenticated PHP Object Injection via verify_field_val Function

The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.3 via deserialization of untrusted input within the verifyfieldval function. This makes it possible for...

9.8CVSS0.01033EPSS

Exploits0References4

NVD•added 2025/07/17 11:15 a.m.•6 views

CVE-2025-3415

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,...

4.3CVSS0.0089EPSS

Exploits0References1

RedhatCVE•added 2025/06/01 5:35 a.m.•6 views

CVE-2025-4659

The Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to retrieve the full path of the web...

5.3CVSS6.6AI score0.00273EPSS

Exploits0References1

RedhatCVE•added 2025/02/05 8:16 a.m.•9 views

CVE-2024-47881

OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the database extension, the "enableloadextension" property can be set for the SQLite integration, enabling an attacker to load local or remote extension DLLs and so run...

8.8CVSS7.2AI score0.00658EPSS

Exploits1References1

Microsoft CVE•added 2025/01/14 8:0 a.m.•26 views

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

...

7.8CVSS7.1AI score0.0153EPSS

Exploits0

Vulnrichment•added 2024/09/12 12:57 p.m.•13 views

CVE-2024-45847

An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration...

8.8CVSS7.6AI score0.00851EPSS

Exploits1References1

CNVD•added 2024/07/02 12:0 a.m.•8 views

IBM InfoSphere Information Server Server Side Request Forgery Vulnerability

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. IBM InfoSphere Information Server has a server-side request forgery vulnerability that can be...

5.4CVSS6.2AI score0.00235EPSS

Exploits0References1