CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

558 matches found

CVE•added 2025/10/15 8:25 a.m.•30 views

CVE-2025-10041

The CVE-2025-10041 entry concerns the Flex QR Code Generator WordPress plugin. Affected versions include all up to and including 1.2.5, where missing file type validation in the save_qr_code_to_db() function allows unauthenticated arbitrary file uploads, potentially enabling remote code execution...

9.8CVSS7.2AI score0.00304EPSS

Exploits3References4

EUVD•added 2025/10/15 8:25 a.m.•15 views

EUVD-2025-34561

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in thesaveqrcodetodb function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS7.1AI score0.00304EPSS

Exploits3References4

CNVD•added 2025/10/15 12:0 a.m.•3 views

Online Job Search Engine postjob.php File SQL Injection Vulnerability

Online Job Search Engine is an online job search engine. Online Job Search Engine suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter txtjobID in the file /postjob.php. An attacker can exploit this...

9.8CVSS8.3AI score0.00042EPSS

Exploits1References1

RedhatCVE•added 2025/10/12 9:23 a.m.•10 views

CVE-2025-6553

The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the processcheckout function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS7.6AI score0.00499EPSS

Exploits0References1

CNNVD•added 2025/10/10 12:0 a.m.•1 views

FreeRTOS-Plus-TCP 安全漏洞

FreeRTOS-Plus-TCP is an extensible open source and thread-safe TCP/IP stack for FreeRTOS. A security vulnerability exists in FreeRTOS-Plus-TCP that stems from a lack of validation checks in the IPv6 packet processing code, which could lead to out-of-bounds reads...

5.4CVSS6.6AI score0.00056EPSS

Exploits0References3

EUVD•added 2025/10/07 12:37 p.m.•2 views

EUVD-2025-32870

A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters. An authenticated user with limited privileges, by issuing a specifically-crafted request, can potentially alter the structure and content of files in the /data folder...

8.1CVSS6.2AI score0.00095EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2020-1670

Malware in sbrugna...

7.8CVSS7.7AI score0.00015EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2018-13231

Malware in sbrugna...

7.5CVSS7.8AI score0.0057EPSS

Exploits0References8

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2020-4938

Malware in sbrugna...

9.8CVSS9.2AI score0.0022EPSS

Exploits0References2

RedhatCVE•added 2025/10/04 11:53 a.m.•9 views

CVE-2025-9212

The WP Dispatcher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpdispatcherprocessupload function in all versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

7.5CVSS7.3AI score0.00276EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-30877

Malicious code in bioql PyPI...

9.8CVSS6.4AI score0.0076EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•9 views

EUVD-2025-28707

Malicious code in bioql PyPI...

7.2CVSS6.4AI score0.03592EPSS

Exploits2References5