CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2025/10/27 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2025-40020

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: peakusb: fix shift-out-of-bounds issue Explicitly uses a 64-bit constant when the number of bits used for its shifting is 32 which is the case for PC CAN F...

7.3AI score0.00063EPSS

Positive Technologies•added 2025/10/27 12:0 a.m.•1 views

PT-2025-44004

Name of the Vulnerable Software and Affected Versions BLU-IC2 versions through 1.19.5 BLU-IC4 versions through 1.19.5 Description The software allows for the disclosure of email passwords. The issue affects Azure Access Tech BLU-IC2 and BLU-IC4. It is recommended to restrict access and enable...

10CVSS6.5AI score0.00047EPSS

Exploits0References4

Positive Technologies•added 2025/10/27 12:0 a.m.•3 views

PT-2025-43893

Name of the Vulnerable Software and Affected Versions projectworlds Advanced Library Management System version 1.0 Description A flaw exists in projectworlds Advanced Library Management System that allows for remote code execution through SQL injection. Manipulation of the keywords argument withi...

9.8CVSS7.9AI score0.00034EPSS

Exploits1References7

Tenable Nessus•added 2025/10/27 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2025-40002

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - thunderbolt: Fix use-after-free in tbdpdprxwork The original code relies on canceldelayedwork in tbdpdprxstop, which does not ensure that the delayed work item...

5.9AI score0.00032EPSS

Positive Technologies•added 2025/10/27 12:0 a.m.•3 views

PT-2025-43968

Name of the Vulnerable Software and Affected Versions Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System version 1.0 Description A flaw exists in the system that allows for cross site scripting. Manipulation of the category id argument in the file...

5.3CVSS5.2AI score0.0003EPSS

Exploits0References6

Tenable Nessus•added 2025/10/27 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2025-58148

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can...

7.5CVSS5.8AI score0.0003EPSS

Positive Technologies•added 2025/10/22 12:0 a.m.•2 views

PT-2025-46556

Name of the Vulnerable Software and Affected Versions Ceph affected versions not specified Description A denial-of-service issue exists in Ceph’s RGW component due to improper input validation. Specifically, providing an empty string as the content for the x-amz-copy-source argument when putting ...

7.8CVSS6.4AI score0.00179EPSS

Exploits1References31

Tenable Nessus•added 2025/10/17 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2025-62491

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Use-After-Free UAF vulnerability exists in the QuickJS engine's standard library when iterating over the global list of unhandled rejected promises...

8.8CVSS6AI score0.00028EPSS

Exploits1References3

Patchstack•added 2025/10/15 12:56 a.m.•4 views

WordPress External Login plugin <= 1.11.2 - Authenticated (Subscriber+) Sensitive Data Exposure via Test Connection vulnerability

Authenticated Subscriber+ Sensitive Data Exposure via Test Connection vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin External Login versions = 1.11.2...

4.3CVSS6.8AI score0.00047EPSS

Exploits0References1Affected Software1

Tenable Nessus•added 2025/10/14 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2018-1335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line o...

9.3CVSS7.2AI score0.93876EPSS

Exploits10References2

Positive Technologies•added 2025/10/11 12:0 a.m.•3 views

PT-2025-42477

Name of the Vulnerable Software and Affected Versions Webmin version 2.510 Description Webmin version 2.510 has a flaw in the password reset functionality forgot send.cgi. The reset link sent to users is created using the HTTP Host header through the get webmin email url function. An attacker can...

8.5CVSS6.6AI score0.00057EPSS

Exploits1References13

OSV•added 2025/10/10 8:1 p.m.•3 views

CVE-2025-61930 Emlog Pro has CSRF issue that Enables Admin Password Reset

Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery CSRF on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without...

8.1CVSS7AI score0.00027EPSS

Exploits1References3

7.1CVSS7.2AI score0.00012EPSS

Linux Distros Unpatched Vulnerability : CVE-2022-50442

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/ntfs3: Validate buffer length while parsing index indxread is called when we have some NTFS directory operations that need more information from the index...

5.5CVSS6.1AI score0.00021EPSS

Linux Distros Unpatched Vulnerability : CVE-2023-53667

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: cdcncm: Deal with too low values of dwNtbOutMaxSize Currently in cdcncmchecktxmax, if dwNtbOutMaxSize is lower than the calculated min value, but greater...

Tenable Nessus•added 2025/10/08 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2025-11146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reflected Cross-site scripting XSS in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts XSS in the web management...

5.4CVSS5.8AI score0.00026EPSS

Tenable Nessus•added 2025/10/08 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2025-59149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In version 8.0.0, rules usi...

6.2CVSS6AI score0.00032EPSS

5.5CVSS6.1AI score0.00017EPSS

Linux Distros Unpatched Vulnerability : CVE-2023-53517

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tipc: do not update mtu if msgmax is too small in mtu negotiation When doing link mtu negotiation, a malicious peer may send Activate msg with a very small mtu,...

5.5CVSS6.1AI score0.00013EPSS

Linux Distros Unpatched Vulnerability : CVE-2023-53593

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cifs: Release folio lock on fscache read hit. Under the current code, when cifsreadpageworker is called, the call contract is that the callee should unlock the...