CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3132 matches found

Cvelist•added 2025/10/16 12:0 a.m.•6 views

CVE-2025-61541

Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality forgotsend.cgi. The reset link sent to users is constructed using the HTTP Host header via getwebminemailurl. An attacker can manipulate the Host header to inject a malicious domain into the reset email. If ...

0.00057EPSS

Exploits1References3

EUVD•added 2025/10/15 9:31 p.m.•3 views

EUVD-2025-34693

Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in MitM position to intercept traffic...

8.8CVSS6.3AI score0.00026EPSS

Exploits0References2

Snyk•added 2025/10/15 5:39 p.m.•1 views

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...

8.2CVSS8.6AI score0.0003EPSS

Exploits0References2

NVD•added 2025/10/15 3:16 p.m.•1 views

CVE-2025-6026

An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data...

3.1CVSS0.0001EPSS

Exploits0References1

EUVD•added 2025/10/15 2:25 p.m.•1 views

EUVD-2025-34617

An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain encrypted application metadata, including device information, geolocation, and telemetry data...

3.1CVSS6.2AI score0.0001EPSS

Exploits0References2

RedhatCVE•added 2025/10/15 1:45 p.m.•3 views

CVE-2025-41705

An unauthenticated remote attacker MITM can intercept the websocket messages to gain access to the login credentials for the Webfrontend...

6.8CVSS7.3AI score0.00038EPSS

Exploits0References1

Vulnrichment•added 2025/10/14 8:5 a.m.•2 views

CVE-2025-41705 Phoenix Contact: WebSocket Message Interception Leaks Webfrontend Credentials

An unauthenticated remote attacker MITM can intercept the websocket messages to gain access to the login credentials for the Webfrontend...

6.8CVSS6.9AI score0.00038EPSS

Exploits0References1

Cvelist•added 2025/10/14 8:5 a.m.•7 views

CVE-2025-41705 Phoenix Contact: WebSocket Message Interception Leaks Webfrontend Credentials

An unauthenticated remote attacker MITM can intercept the websocket messages to gain access to the login credentials for the Webfrontend...

6.8CVSS0.00038EPSS

Exploits0References1

CNNVD•added 2025/10/14 12:0 a.m.•2 views

Phoenix Contact QUINT4-UPS/24DC/24DC/10/EIP 安全漏洞

The Phoenix Contact QUINT4-UPS/24DC/24DC/10/EIP is an industrial grade DC uninterruptible power supply module from Phoenix Contact, Germany. A security vulnerability exists in the Phoenix Contact QUINT4-UPS/24DC/24DC/10/EIP that originates from an unauthenticated, remote attacker who can obtain...

6.8CVSS6.8AI score0.00038EPSS

Exploits0References2

Vulnrichment•added 2025/10/08 12:49 a.m.•1 views

CVE-2025-48981

An insecure implementation of the proprietary protocol DNET in Product CGM MEDICO allows attackers within the intranet to eavesdrop and manipulate data on the protocol because encryption is optional for this connection...

6.5AI score0.00023EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-12264

Malware in sbrugna...

7.5CVSS7.6AI score0.00137EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2017-6777

Malware in sbrugna...

4.3CVSS4.6AI score0.00111EPSS

Exploits0References2