CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's SCTP Socket Control Transport Protocol implementation. Specifically, a null dereference can occur within the sctp disposition function, specifically...

3.8CVSS7.3AI score0.00066EPSS

Exploits0

RedhatCVE•added 2025/09/24 6:31 p.m.•3 views

CVE-2025-59592

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fernando Acosta Make Column Clickable Elementor make-column-clickable-elementor allows Stored XSS.This issue affects Make Column Clickable Elementor: from n/a through = 1.6.0...

6.5CVSS5.9AI score0.00042EPSS

Exploits0References1

RedhatCVE•added 2025/09/24 6:30 p.m.•2 views

CVE-2025-57984

Server-Side Request Forgery SSRF vulnerability in Pratik Ghela MakeStories for Google Web Stories makestories-helper allows Server Side Request Forgery.This issue affects MakeStories for Google Web Stories: from n/a through = 3.0.4...

4.4CVSS5.9AI score0.00072EPSS

Exploits0References1

NVD•added 2025/09/22 7:16 p.m.•2 views

CVE-2025-59592

6.5CVSS0.00042EPSS

Exploits0References1

Cvelist•added 2025/09/22 6:25 p.m.•15 views

CVE-2025-59592 WordPress Make Column Clickable Elementor Plugin <= 1.6.0 - Cross Site Scripting (XSS) Vulnerability

6.5CVSS0.00042EPSS

Exploits0References1

Vulnrichment•added 2025/09/22 6:25 p.m.•3 views

CVE-2025-59592 WordPress Make Column Clickable Elementor Plugin <= 1.6.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fernando Acosta Make Column Clickable Elementor allows Stored XSS. This issue affects Make Column Clickable Elementor: from n/a through 1.6.0...

6.5CVSS5.6AI score0.00042EPSS

Exploits0References1

CVE•added 2025/09/22 6:25 p.m.•17 views

CVE-2025-59592

CVE-2025-59592 corresponds to a stored XSS in the WordPress plugin Make Column Clickable for Elementor (≤1.6.0). The vulnerability arises from improper input neutralization during web page generation, enabling stored cross-site scripting when data is persisted. The entry indicates the issue is pr...

6.5CVSS5.9AI score0.00042EPSS

Exploits0References1

Patchstack•added 2025/09/22 6:23 p.m.•3 views

WordPress Make Column Clickable Elementor Plugin <= 1.6.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Ritsuy in WordPress Plugin Make Column Clickable Elementor versions = 1.6.0...

6.5CVSS6AI score0.00042EPSS

Exploits0Affected Software1

Positive Technologies•added 2025/09/22 12:0 a.m.•3 views

PT-2025-39062

Name of the Vulnerable Software and Affected Versions Make Column Clickable Elementor versions through 1.6.0 Description The software contains a flaw related to improper handling of user-supplied data when creating web pages, potentially leading to Cross-site Scripting XSS. This allows for the...

6.5CVSS6.3AI score0.00042EPSS

Exploits0References3

CVE•added 2025/09/19 3:26 p.m.•19 views

CVE-2025-39846

CVE-2025-39846 : In the Linux kernel, a NULL pointer dereference could occur in PCMCIΑ code during resource allocation. Specifically, __iodyn_find_io_region() assigns pcmcia_make_resource() to res and uses it in pci_bus_alloc_resource(); if pcmcia_make_resource() fails, a dereference of res could...

5.5CVSS6AI score0.00021EPSS

Exploits0References12Affected Software1

CNNVD•added 2025/09/19 12:0 a.m.•1 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unchecked pcmciamakeresource return value, which could result in a null pointer dereference...

5.5CVSS5.9AI score0.00021EPSS

Exploits0References9

Vulnrichment•added 2025/09/17 7:41 p.m.•1 views

CVE-2025-59349 Directories created via os.MkdirAll are not checked for permissions

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, DragonFly2 uses the os.MkdirAll function to create certain directory paths with specific access permissions. This function does not perform any permission checks when a given directory path...

5.1CVSS6AI score0.00031EPSS

Exploits0References2

RedhatCVE•added 2025/09/06 9:27 a.m.•5 views

CVE-2025-6085

The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'uploadmedia' function in all versions up to, and including, 1.5.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to...

7.2CVSS7.4AI score0.01338EPSS

Exploits1References1

Tenable Nessus•added 2025/09/06 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2025-38710

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gfs2: Validate idepth for exhash directories A fuzzer test introduced corruption that ends up with a depth of 0 in direread, causing an undefined shift by 32 a...

5.5CVSS6AI score0.00019EPSS

Exploits0References4

CVE•added 2025/09/04 3:33 p.m.•29 views

CVE-2025-38710

CVE-2025-38710 (gfs2 depth validation) : Linux kernel fix for exhash directories in GFS2. A fuzzer caused a depth of 0 in dir_e_read(), triggering an undefined shift by 32 in index = hash >> (32 - dip->i_depth). The minimum exhash depth is ilog2(sdp->sd_hash_ptrs) and 0 is invalid sin...

5.5CVSS5.9AI score0.00019EPSS

Exploits0References8Affected Software1