424 matches found
CVE-2023-31043
EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...
CVE-2017-18909
An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory...
CVE-2025-15018
The Optional Email plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in all versions up to, and including, 1.3.11. This is due to the plugin not restricting its 'random_password' filter to registration contexts, allowing the filter to affect password reset key...
CVE-2025-15018 Optional Email <= 1.3.11 - Unauthenticated Privilege Escalation to Account Takeover
The Optional Email plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in all versions up to, and including, 1.3.11. This is due to the plugin not restricting its 'random_password' filter to registration contexts, allowing the filter to affect password reset key...
CVE-2025-15018
CVE-2025-15018: Affects Optional Email plugin for WordPress. Root cause: the plugin does not restrict its 'random_password' filter to registration contexts, allowing it to influence password reset key generation. Impact: unauthenticated attackers can set a known password reset key during password...
WordPress Optional Email plugin <= 1.3.11 - Unauthenticated Privilege Escalation to Account Takeover vulnerability
Unauthenticated Privilege Escalation to Account Takeover vulnerability discovered by Drew Webber (mcdruid) in WordPress Plugin Optional Email versions <= 1.3.11...
PT-2026-1599
Name of the Vulnerable Software and Affected Versions: Optional Email versions prior to 1.3.12. Description: The Optional Email plugin for WordPress is susceptible to a privilege escalation issue leading to account takeover. This occurs because the plugin does not limit the 'random password' filter ...
WordPress plugin Optional Email security vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPre...
curl: Functional Regression in Digest Authentication: Failure to handle optional spaces and escaped quotes
Summary: A recent migration of the Digest authentication parsing logic to the curlxstr strparse API introduced two functional parsing regressions in lib/vauth/digest.c. 1. Optional Whitespace (OWS) Handling: The current implementation fails to skip optional whitespace after comma delimiters in...
OESA-2025-2802 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work. syzbot reported the following uninit-value access issue [1]. nci_rx_work() parses received packet from ndev->rx_q. It should be...
CVE-2025-59802
Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamical...
EUVD-2025-202693
Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamical...
CVE-2025-59802
Summary: CVE-2025-59802 affects Foxit PDF Editor/Reader prior to 2025.2.1. The issue is signature spoofing via Optional Content Groups (OCG): the OCG state is runtime-only and not included in the signature buffer, allowing an attacker to dynamically flip OCG visibility after signing (Post-Sign) u...
PT-2025-50623
Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamical...