
1163 matches found

OSSF Malicious Packages
added 2025/11/11 12:41 a.m., 3 views

Malicious code in massive-salmon-baboon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3246680bbd074dc58285a221f35e5d20727fd2ba14b9f06103a2ed14592e824b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0

OSV
added 2025/11/11 12:17 a.m., 3 views

MAL-2025-66015 Malicious code in vina-rawon69-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf68db031223ab7bd9b45177d2a58855fad6dff0a92bc8d0421b620dc4ce115a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0

OSV
added 2025/11/10 3:15 a.m., 3 views

CVE-2025-12865

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...

8.7 CVSS, 6 AI score
Exploits: 0, References: 2

EUVD
added 2025/11/10 2:19 a.m., 3 views

EUVD-2025-38732

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...

8.8 CVSS, 7.6 AI score, 0.00314 EPSS
Exploits: 0, References: 3

EUVD
added 2025/11/10 2:15 a.m., 3 views

EUVD-2025-38733

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...

8.8 CVSS, 7.6 AI score, 0.00314 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2025/11/10 2:15 a.m., 4 views

CVE-2025-12864 e-Excellence|U-Office Force - SQL Injection

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...

8.8 CVSS, 7.8 AI score, 0.00314 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/11/07 8:56 p.m., 3 views

CVE-2022-50590

SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of t...

8.8 CVSS, 7 AI score, 0.00317 EPSS
Exploits: 0, References: 1

NVD
added 2025/10/30 10:15 p.m., 5 views

CVE-2023-7322

Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check coul...

8.7 CVSS, 0.0087 EPSS
Exploits: 0, References: 2

Cvelist
added 2025/10/27 10:11 a.m., 6 views

CVE-2025-59461 API does not require authentication

A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services...

7.6 CVSS, 0.00402 EPSS
Exploits: 0, References: 6

RedhatCVE
added 2025/10/22 8:18 p.m., 3 views

CVE-2025-53055

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: PIA Core Technology. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

6.1 CVSS, 5.5 AI score, 0.002 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/10/22 8:18 p.m., 4 views

CVE-2025-53058

Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite component: Application Logging Interfaces. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...

6.1 CVSS, 5.5 AI score, 0.0019 EPSS
Exploits: 0, References: 1

NVD
added 2025/10/21 8:20 p.m., 3 views

CVE-2025-53065

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: PIA Core Technology. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

5.4 CVSS, 0.002 EPSS
Exploits: 0, References: 1

NVD
added 2025/10/21 8:20 p.m., 3 views

CVE-2025-53060

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are 9.2.0.0-9.2.9.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseO...

6.1 CVSS, 0.0019 EPSS
Exploits: 0, References: 1

NVD
added 2025/10/21 8:20 p.m., 2 views

CVE-2025-53055

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: PIA Core Technology. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

6.1 CVSS, 0.002 EPSS
Exploits: 0, References: 1

OSV
added 2025/10/21 8:20 p.m., 2 views

CVE-2025-53034

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Platform. Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with...

5.4 CVSS, 5.8 AI score
Exploits: 0, References: 1

EUVD
added 2025/10/21 8:2 p.m., 3 views

EUVD-2025-35282

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Workflow Notification Mailer. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow...

6.1 CVSS, 5.1 AI score, 0.0019 EPSS
Exploits: 0, References: 1

NVD
added 2025/10/08 1:15 a.m., 1 view

CVE-2025-48981

An insecure implementation of the proprietary protocol DNET in Product CGM MEDICO allows attackers within the intranet to eavesdrop and manipulate data on the protocol because encryption is optional for this connection...

8.6 CVSS, 0.00109 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2014-0869

Malware in sbrugna...

4 CVSS, 6.4 AI score, 0.00842 EPSS
Exploits: 1, References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-1999-0656

Malware in sbrugna...

7.2 CVSS, 6.4 AI score, 0.00801 EPSS
Exploits: 1, References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2010-4466

Malware in sbrugna...

7.5 CVSS, 6.4 AI score, 0.017 EPSS
Exploits: 0, References: 9