4517 matches found

Tenable Nessus
added 2025/09/29 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-23339

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA CUDA Toolkit for all platforms contains a vulnerability in cuobjdump where an attacker may cause a stack-based buffer overflow by getting the user to run...

CVSS 7.8 | AI score 6.6 | EPSS 0.00306
Exploits 1 | References 3

Tenable Nessus
added 2025/09/29 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-10923

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected...

CVSS 7.8 | AI score 7.6 | EPSS 0.00371
Exploits 0 | References 2

Tenable Nessus
added 2025/09/29 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2025-60019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentially result in...

CVSS 3.7 | AI score 5.5 | EPSS 0.00331
Exploits 0 | References 2

Tenable Nessus
added 2025/09/29 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-59432

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication...

CVSS 8.7 | AI score 6 | EPSS 0.00835
Exploits 0 | References 4

Patchstack
added 2025/09/26 12:0 a.m. | 5 views

WordPress XStore Theme <= 9.5.3 is vulnerable to Content Injection

Software: XStore | Type: Theme | Vulnerable versions: <= 9.5.3 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Content Injection | CVE: CVE-2025-60100 | Patch priority: Low | CVSS severity: Low (5.3) | PSID: 55131c12c2eb | Credits: Rafie Muhammad Patchstack | Required privilege...

CVSS 5.3 | AI score 6.3 | EPSS 0.00273
Exploits 0 | References 1 | Affected Software 1

RedhatCVE
added 2025/09/25 5:47 p.m. | 6 views

CVE-2025-48867

Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads...

CVSS 4.8 | AI score 5.7 | EPSS 0.00223
Exploits 1 | References 1

RedhatCVE
added 2025/09/25 5:47 p.m. | 6 views

CVE-2025-48869

Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive...

CVSS 7.5 | AI score 6.4 | EPSS 0.00407
Exploits 1 | References 1

RedhatCVE
added 2025/09/25 2:54 a.m. | 7 views

CVE-2025-10548

The CleverControl employee monitoring software v11.5.1041.6 fails to validate TLS server certificates during the installation process. The installer downloads and executes external components using curl.exe --insecure, enabling a man-in-the-middle attacker to deliver malicious files that are...

CVSS 6.5 | AI score 7.9 | EPSS 0.00351
Exploits 0 | References 1

Tenable Nessus
added 2025/09/25 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-39887

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix null-ptr-deref in bitmap_parselist A crash was observed with the...

CVSS 5.5 | AI score 5.8 | EPSS 0.00119
Exploits 0 | References 3

Tenable Nessus
added 2025/09/25 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-53428

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: powercap: arm_scmi: Remove recursion while parsing zones Powercap zones can be defined as...

CVSS 5.5 | AI score 6.1 | EPSS 0.00147
Exploits 0 | References 2

Tenable Nessus
added 2025/09/25 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-59691

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside the VPN tunnel upon network events such as Wi-Fi reconnect or...

CVSS 3.7 | AI score 5.8 | EPSS 0.00203
Exploits 0 | References 2

Tenable Nessus
added 2025/09/25 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-9905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One can create a specially crafted .h5/.hdf5 mod...

CVSS 7.3 | AI score 7.8 | EPSS 0.00205
Exploits 1 | References 3

NVD
added 2025/09/24 6:15 p.m. | 5 views

CVE-2025-48867

Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads...

CVSS 4.8 | EPSS 0.00223
Exploits 1 | References 1

NVD
added 2025/09/24 6:15 p.m. | 3 views

CVE-2025-48869

Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive...

CVSS 7.5 | EPSS 0.00407
Exploits 1 | References 1

Vulnrichment
added 2025/09/24 5:25 p.m. | 3 views

CVE-2025-48867 Horilla Stored Cross-Site Scripting (XSS) Vulnerability in Project and Task Modules

Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads...

CVSS 4.8 | AI score 5.3 | EPSS 0.00223
Exploits 1 | References 1

CVE
added 2025/09/24 5:25 p.m. | 18 views

CVE-2025-48867

CVE-2025-48867 describes a stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0. The issue allows authenticated admin/privileged users to inject malicious JavaScript into multiple fields in the Project and Task modules; payloads are stored in the database and execute when viewed b...

CVSS 4.8 | AI score 5.3 | EPSS 0.00223
Exploits 1 | References 1 | Affected Software 1

OSV
added 2025/09/24 5:25 p.m. | 6 views

CVE-2025-48867 Horilla Stored Cross-Site Scripting (XSS) Vulnerability in Project and Task Modules

Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads...

CVSS 4.8 | AI score 5.7 | EPSS 0.00223
Exploits 1 | References 3

OSV
added 2025/09/24 5:17 p.m. | 4 views

CVE-2025-48869 Horilla Unauthorized Access to Candidate Resume Files Due to Broken Access Control

Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive...

CVSS 7.5 | AI score 6.5 | EPSS 0.00407
Exploits 1 | References 3

Positive Technologies
added 2025/09/24 12:0 a.m. | 5 views

PT-2025-39309

Name of the Vulnerable Software and Affected Versions: Horilla HRM version 1.3.0. Description: Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) issue in Horilla HRM version 1.3.0 allows authenticated admin or privileged users to inject...

CVSS 4.8 | AI score 5.6 | EPSS 0.00223
Exploits 1 | References 4

Vulnrichment
added 2025/09/23 6:49 a.m. | 4 views

CVE-2025-10548 Missing Certificate Validation in CleverControl Installer Allows Remote Code Execution

The CleverControl employee monitoring software v11.5.1041.6 fails to validate TLS server certificates during the installation process. The installer downloads and executes external components using curl.exe --insecure, enabling a man-in-the-middle attacker to deliver malicious files that are...

AI score 7.7 | EPSS 0.00351
Exploits 0 | References 1