CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2025/11/06 8:11 p.m.•13 views

CVE-2025-12488

The CVE-2025-12488 issue affects oobabooga text-generation-webui. The vulnerability is caused by improper validation of the trust_remote_code argument in the /load endpoint, allowing an attacker to load a model with untrusted input and execute arbitrary code in the service account context. Auth i...

9.8CVSS7.5AI score0.01364EPSS

Malwarebytes•added 2025/11/06 7:39 p.m.•4 views

Hackers commit highway robbery, stealing cargo and goods

There’s a modern-day train heist happening across America, and this time, some of the bandana-masked robbers are sitting behind screens. According to new research, a group of cybercriminals has been attacking trucking, freight, and logistics companies for months, impersonating brands and even...

7.1AI score

Exploits0

EUVD•added 2025/11/06 6:32 p.m.•2 views

EUVD-2025-38129

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Processby Lazy Load Optimizer lazy-load-optimizer allows PHP Local File Inclusion.This issue affects Lazy Load Optimizer: from n/a through = 1.4.7...

7.5CVSS6.6AI score0.00113EPSS

NVD•added 2025/11/06 4:16 p.m.•1 views

CVE-2025-60074

7.5CVSS0.00113EPSS

Vulnrichment•added 2025/11/06 3:54 p.m.•1 views

CVE-2025-60074 WordPress Lazy Load Optimizer plugin <= 1.4.7 - Local File Inclusion vulnerability

7.5CVSS6.7AI score0.00113EPSS

CVE•added 2025/11/06 3:54 p.m.•5 views

CVE-2025-60074

CVE-2025-60074 affects the WordPress Lazy Load Optimizer plugin (

7.5CVSS6.7AI score0.00113EPSS

Cvelist•added 2025/11/06 3:54 p.m.•5 views

CVE-2025-60074 WordPress Lazy Load Optimizer plugin <= 1.4.7 - Local File Inclusion vulnerability

7.5CVSS0.00113EPSS

CNNVD•added 2025/11/06 12:0 a.m.•1 views

WordPress plugin Lazy Load Optimizer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A security...

7.5CVSS6.7AI score0.00113EPSS

CNNVD•added 2025/11/06 12:0 a.m.•1 views

Text Generation Web UI 安全漏洞

Text Generation Web UI is a UI interface for native AI by oobabooga individual developers. A security vulnerability exists in Text Generation Web UI that stems from improper handling of the trustremotecode parameter in the load endpoint, which could lead to remote code execution...

9.8CVSS9.5AI score0.01364EPSS

Positive Technologies•added 2025/11/06 12:0 a.m.•3 views

PT-2025-45259

7.5CVSS7.1AI score0.00113EPSS

RedhatCVE•added 2025/11/05 2:14 a.m.•3 views

CVE-2025-43496

The issue was addressed by adding additional logic. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Remote content may be loaded even when the 'Load Remote Images' setting is turned off...

7.5CVSS6.5AI score0.00073EPSS

Tenable Nessus•added 2025/11/05 12:0 a.m.•1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989195)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989195 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Fix kvmarchvcpuioctl vcpuload leak vcpuput is not called if the user copy fails. This c...

5.5CVSS6.1AI score0.00011EPSS

Tenable Nessus•added 2025/11/05 12:0 a.m.•2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990150)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990150 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: emux: improve patch ioctl data validation In loaddata, make the validation of and skipping...

5.5CVSS6AI score0.0002EPSS

Tenable Nessus•added 2025/11/05 12:0 a.m.•1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988699)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988699 advisory. In the Linux kernel, the following vulnerability has been resolved: dmaengine: imx-sdma: Fix a possible memory leak in sdmatransferinit If the function sdmaloadconte...

5.5CVSS5.9AI score0.00016EPSS

Tenable Nessus•added 2025/11/05 12:0 a.m.•2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990330)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990330 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: emux: improve patch ioctl data validation In loaddata, make the validation of and skipping...

5.5CVSS6AI score0.0002EPSS

NVD•added 2025/11/04 12:15 p.m.•3 views

CVE-2025-12493

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.2.5 via the 'loadtemplate' function. This makes it possible for unauthenticated...

9.8CVSS0.00449EPSS

Vulnrichment•added 2025/11/04 11:19 a.m.•3 views

CVE-2025-12493 ShopLentor <= 3.2.5 - Unauthenticated Local PHP File Inclusion via 'load_template'

9.8CVSS6.9AI score0.00449EPSS

NVD•added 2025/11/04 2:15 a.m.•1 views

CVE-2025-43496

7.5CVSS0.00073EPSS

OSV•added 2025/11/04 2:15 a.m.•1 views

CVE-2025-43496

The issue was addressed by adding additional logic. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, visionOS 26.1. Remote content may be loaded even when the 'Load Remote Images' setting is turned off...

7.5CVSS5.8AI score0.00073EPSS