CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-12356

Malicious code in bioql PyPI...

9.1CVSS6.5AI score0.00164EPSS

Exploits1References3

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-12360

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.0012EPSS

Exploits0References3

RedhatCVE•added 2025/04/26 5:29 a.m.•6 views

CVE-2025-28103

Incorrect access control in laskBlog v2.6.1 allows attackers to arbitrarily delete user accounts via a crafted request...

6.4CVSS6.8AI score0.0012EPSS

Exploits0References1

RedhatCVE•added 2025/04/26 5:5 a.m.•12 views

CVE-2025-28104

Incorrect access control in laskBlog v2.6.1 allows attackers to access all usernames via a crafted input...

9.1CVSS6.8AI score0.00164EPSS

Exploits1References1

NVD•added 2025/04/21 6:15 p.m.•6 views

CVE-2025-28103

Incorrect access control in laskBlog v2.6.1 allows attackers to arbitrarily delete user accounts via a crafted request...

6.4CVSS0.0012EPSS

Exploits0References2

OSV•added 2025/04/21 6:15 p.m.•2 views

CVE-2025-28104

Incorrect access control in laskBlog v2.6.1 allows attackers to access all usernames via a crafted input...

9.1CVSS7AI score

Exploits0References2

OSV•added 2025/04/21 6:15 p.m.•1 views

CVE-2025-28103

Incorrect access control in laskBlog v2.6.1 allows attackers to arbitrarily delete user accounts via a crafted request...

6.4CVSS7AI score

Exploits0References2

NVD•added 2025/04/21 6:15 p.m.•7 views

CVE-2025-28104

Incorrect access control in laskBlog v2.6.1 allows attackers to access all usernames via a crafted input...

9.1CVSS0.00164EPSS

Exploits1References2

Vulnrichment•added 2025/04/21 12:0 a.m.•8 views

CVE-2025-28104

Incorrect access control in laskBlog v2.6.1 allows attackers to access all usernames via a crafted input...

9AI score0.00164EPSS

Exploits1References2

CVE•added 2025/04/21 12:0 a.m.•47 views

CVE-2025-28104

The CVE-2025-28104 entry concerns FlaskBlog (laskBlog) v2.6.1 with an incorrect access control flaw that lets an attacker retrieve all usernames through a crafted input. Multiple connected sources (Red Hat, NVD, CVE lists, PT Security, CNNVD, OSV, CIRCL, and others) corroborate the issue, describ...

9.1CVSS6.7AI score0.00164EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2025/04/21 12:0 a.m.•4 views

CVE-2025-28103

Incorrect access control in laskBlog v2.6.1 allows attackers to arbitrarily delete user accounts via a crafted request...

6.8AI score0.0012EPSS

Exploits0References2

CVE•added 2025/04/21 12:0 a.m.•50 views

CVE-2025-28103

CVE-2025-28103 affects laskBlog v2.6.1. The root cause is incorrect access control, enabling attackers to arbitrarily delete user accounts via a crafted request. The CVE entry notes a medium severity (CVSS v3.1: 6.4; Network exposure, Low confidentiality/integrity impact, no availability impact)....

6.4CVSS6.8AI score0.0012EPSS

Exploits0References2Affected Software1