107 matches found

CNNVD
added 2026/06/08 12:00 a.m.

NLnet Labs Routinator Security Vulnerability

NLnet Labs Routinator is an open-source RPKI route origin validation service developed by NLnet Labs. A security vulnerability in NLnet Labs Routinator may cause a crash when it encounters a file that declares a special document type delivered via RRDP...

CVSS 8.7, AI score 5.3, EPSS 0.00357
Exploits: 0, References: 1
CNNVD
added 2026/05/08 12:00 a.m.

locize Cross-Site Scripting Vulnerability

Locize is an open-source browser text editing tool developed by Locize. Versions of Locize prior to 4.0.21 contained a cross-site scripting vulnerability. The vulnerability stemmed from the window.addEventListener('message', …) handler not verifying event.origin, which could lead to cross-site...

CVSS 7.5, AI score 5.6, EPSS 0.00101
Exploits: 0, References: 1
Github Security Blog
added 2026/03/19 4:42 p.m.

Cross-Site Tool Execution for HTTP Servers without Authorization in github.com/modelcontextprotocol/go-sdk

The Go SDK's Streamable HTTP transport accepted browser-generated cross-site POST requests without validating the Origin header and without requiring Content-Type: application/json. In deployments without Authorization, especially stateless or sessionless configurations, this allows an arbitrary...

CVSS 7.1, AI score 5.8, EPSS 0.00178
Exploits: 0, References: 4, Affected Software: 1
EUVD
added 2026/03/09 12:31 p.m.

EUVD-2026-10319

In AWS Auth manager, the origin of the SAML authentication was used as provided by the client and not verified against the actual instance URL. This allowed access to different instances with potentially different access controls by reusing a SAML response from another instance. You...

CVSS 5.4, AI score 5.7, EPSS 0.00359
Exploits: 1, References: 3
EUVD
added 2026/03/09 12:31 p.m.

EUVD-2026-10318

In AWS Auth manager, the origin of the SAML authentication was used as provided by the client and not verified against the actual instance URL. This allowed access to different instances with potentially different access controls by reusing a SAML response from another instance. You...

CVSS 5.4, AI score 5.7, EPSS 0.00359
Exploits: 1, References: 3
OSV
added 2026/03/09 11:16 a.m.

CVE-2026-25604

In AWS Auth manager, the origin of the SAML authentication was used as provided by the client and not verified against the actual instance URL. This allowed access to different instances with potentially different access controls by reusing a SAML response from another instance. You...

CVSS 5.4, AI score 5.7
Exploits: 0, References: 3
NVD
added 2026/03/09 11:16 a.m.

CVE-2026-25604

In AWS Auth manager, the origin of the SAML authentication was used as provided by the client and not verified against the actual instance URL. This allowed access to different instances with potentially different access controls by reusing a SAML response from another instance. You...

CVSS 5.4, EPSS 0.00359
Exploits: 1, References: 3
ATTACKERKB
added 2026/03/09 10:39 a.m.

CVE-2026-25604

In AWS Auth manager, the origin of the SAML authentication was used as provided by the client and not verified against the actual instance URL. This allowed access to different instances with potentially different access controls by reusing a SAML response from another instance. You...

CVSS 5.4, AI score 5.7, EPSS 0.00359
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2026/02/27 6:16 p.m.

CVE-2026-26862

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting (XSS) via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...

CVSS 8.3, AI score 5.8
Exploits: 0, References: 3
RedhatCVE
added 2026/02/12 7:29 p.m.

CVE-2026-2345

Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on...

CVSS 3.6, AI score 5.5, EPSS 0.00064
Exploits: 0, References: 1
ATTACKERKB
added 2026/02/11 2:49 p.m.

CVE-2026-2345

Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on...

CVSS 3.6, AI score 5.5, EPSS 0.00064
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2026/02/04 12:00 a.m.

PT-2026-5879

Name of the Vulnerable Software and Affected Versions: Xendit Payment plugin for WordPress, versions up to and including 6.0.2. Description: The Xendit Payment plugin for WordPress is susceptible to unauthorized modification of order statuses. This occurs because the plugin exposes a publicly...

CVSS 5.3, AI score 5.5, EPSS 0.00345
Exploits: 0, References: 6
RedHat Linux
added 2025/12/22 1:45 a.m.

webkit: WebKitGTK: Remote user-assisted information disclosure via file drag-and-drop

A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read by abusing the file drag-and-drop mechanism, where WebKitGTK does not verify that drag operations originate from outside the browser...

CVSS 7.4, AI score 5.8, EPSS 0.00277
Exploits: 0, References: 5
RedHat Linux
added 2025/12/17 4:58 a.m.

webkit: WebKitGTK: Remote user-assisted information disclosure via file drag-and-drop

A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read by abusing the file drag-and-drop mechanism, where WebKitGTK does not verify that drag operations originate from outside the browser...

CVSS 7.4, AI score 5.8, EPSS 0.00277
Exploits: 0, References: 5
RedHat Linux
added 2025/12/11 11:41 a.m.

webkit: WebKitGTK: Remote user-assisted information disclosure via file drag-and-drop

A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read by abusing the file drag-and-drop mechanism, where WebKitGTK does not verify that drag operations originate from outside the browser...

CVSS 7.4, AI score 5.8, EPSS 0.00277
Exploits: 0, References: 5
Cvelist
added 2025/12/03 9:45 a.m.

CVE-2025-13947 Webkit: webkitgtk: remote user-assisted information disclosure via file drag-and-drop

A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read by abusing the file drag-and-drop mechanism, where WebKitGTK does not verify that drag operations originate from outside the browser...

CVSS 7.4, EPSS 0.00277
Exploits: 0, References: 14
EUVD
added 2025/12/03 9:45 a.m.

EUVD-2025-200738

A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read by abusing the file drag-and-drop mechanism, where WebKitGTK does not verify that drag operations originate from outside the browser...

CVSS 7.4, AI score 5.4, EPSS 0.00277
Exploits: 0, References: 3
RedhatCVE
added 2025/12/03 9:45 a.m.

CVE-2025-13947

A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read by abusing the file drag-and-drop mechanism, where WebKitGTK does not verify that drag operations originate from outside the browser...

CVSS 7.4, AI score 5.5, EPSS 0.00277
Exploits: 0, References: 3
OSV
added 2025/11/27 6:30 p.m.

GHSA-MP6X-97XJ-9X62 Mattermost fails to verify the token used during code exchange

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email...

CVSS 9.9, AI score 7.1, EPSS 0.00304
Exploits: 0, References: 7
CVE
added 2025/11/27 5:47 p.m.

CVE-2025-12421

Mattermost suffers an authentication-tampering vulnerability (CVE-2025-12421) where the token used during code exchange is not verified to originate from the same authentication flow. Affected versions include 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, and 10.5.x

CVSS 9.9, AI score 6.8, EPSS 0.00304
Exploits: 0, References: 1, Affected Software: 1