1582 matches found
EUVD-2026-30759
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored XSS. This issue affects DernekWeb: through 30122025...
CVE-2026-25776
Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script...
CVE-2026-33088
Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an attacker to execute an arbitrary SQL statement...
parseusbs operating system command injection vulnerability
Parseusbs is a USB connection recording and forensic analysis tool developed by Khyrenz Ltd. Versions of Parseusbs prior to 1.9 contained an operating system command injection vulnerability. This vulnerability stemmed from the LNK file path being passed to the os.popen shell command without prope...
acegisecurity:acegi-security (=0.7.0), acegisecurity:acegi-security-cas (=0.7.0) +5 more potentially affected by CVE-2026-22735 via springframework:spring-web (>=1.0.1 <=1.2.1)
springframework:spring-web MAVEN version =1.0.1, =1.0-rc2, =1.0-rc3 Source cves: CVE-2026-22735 Source advisory: SNYK:JAVA-SPRINGFRAMEWORK-15701758...
CVE-2025-9953
CVE-2025-9953 affects Databank Accreditation Software from DATABASE Software Training Consulting Ltd. The issue is an Authorization Bypass Through User-Controlled SQL Primary Key that enables SQL Injection. According to the description, the vulnerability involves SQL Injection via a user-controll...
PT-2026-20834
Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection. This issue affects Databank Accreditation Software: through 19022026. NOTE: The vendor was contacted early about this...
CVE-2026-2658
The CVE affects the newbee-ltd newbee-mall project (up to a069069b07027613bf0e7f571736be86f431faee) with an issue in the Unknown function of the Multiple Endpoints component. The described impact is cross-site request forgery (CSRF) arising from a manipulation of that function, with remote exploi...
CVE-2023-40197
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Devaldi Ltd flowpaper plugin = 1.9.9 versions...
CVE-2025-23777
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in willowsconsulting GDPR Personal Data Reports gdpr-personal-data-reports allows Stored XSS. This issue affects GDPR Personal Data Reports: from n/a through = 1.0.5...
CVE-2025-23701
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in limesquare Lime Developer Login lime-developer-login allows Reflected XSS. This issue affects Lime Developer Login: from n/a through = 1.4.0...
PT-2025-48337
Name of the Vulnerable Software and Affected Versions: HCL Technologies Ltd. Unica version 12.0.0. Description: A CSV formula injection issue exists in HCL Technologies Ltd. Unica. The issue allows for potential manipulation through crafted CSV files. Recommendations: At the moment, there is no...
CVE-2025-51734
Cross-site scripting XSS vulnerability in HCL Technologies Ltd. Unica 12.0.0...
EUVD-2025-117254
Malicious code in ltd-blush-mockingbird npm...
Malicious code in ltd-blush-mockingbird (npm)
Source: amazon-inspector 74cc555f8cf4468a685484aef73571c94a18537eb2873f52557eee485c1a5907. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-117253
Malicious code in ltd-sapphire-cat npm...
Malicious code in ltd_lamprey_z3n (npm)
Source: amazon-inspector 37bb4cb07fdc280c3172a47139f39058eca0dda24f22b5fc1657ad23d4d4cf19. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-104065
Malicious code in ltdlampreyz3n npm...
EUVD-2025-96696
Malicious code in ltdpenguinz3n npm...
Malicious code in ltd_penguin_z3n (npm)
Source: amazon-inspector 48bc99332f3f3df09e91908d3dcd1226631f31a3523d5fe9452a5c88dbbf4f34. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...