CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9289 matches found

IBM Security Bulletins•added 2025/01/28 10:8 p.m.•16 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Google Protocol Buffers (CVE-2024-7254).

Summary IBM App Connect Enterprise and IBM App Connect Enterprise Toolkit are vulnerable to a denial of service due to Google Protocol Buffers CVE-2024-7254. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Google...

8.7CVSS7AI score0.00134EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2025/01/28 10:8 p.m.•18 views

Security Bulletin: IBM Maximo Application Suite - Predict Component component uses cryptography-43.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to this CVE-2024-6119

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses cryptography-43.0.0-cp39-abi3-manylinux228x8664.whl which is vulnerable to this CVE-2024-6119. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

7.5CVSS6.5AI score0.10778EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2025/01/28 10:8 p.m.•17 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to stored cross-site scripting (CVE-2024-45071)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

5.5CVSS5.3AI score0.00302EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2025/01/28 10:8 p.m.•16 views

Security Bulletin: Vulnerabilities in Apache Commons IO library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2024-47554)

Summary Apache Commons IO library is used by Tivoli Netcool/OMNIbus WebGUI as part of Apache POI dependency for Seasonal Event Graphs export feature. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource...

4.3CVSS7AI score0.00127EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2025/01/28 10:8 p.m.•24 views

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure under specific conditions (CVE-2024-40679)

Summary IBM® Db2® is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions. Vulnerability Details CVEID:CVE-2024-40679 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to an...

5.5CVSS6AI score0.00063EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2025/01/28 10:8 p.m.•20 views

Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-context-6.1.13.jar which is vulnerable to this CVE-2024-38820

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-context-6.1.13.jar which is vulnerable to this CVE-2024-38820. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION...

5.3CVSS6AI score0.01473EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2025/01/28 10:8 p.m.•18 views

Security Bulletin: IBM Maximo Application Suite - Predict Component component uses werkzeug-3.0.4-py3-none-any.whl which is vulnerable to this CVE-2024-49767 and CVE-2024-49766

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses werkzeug-3.0.4-py3-none-any.whl which is vulnerable to this CVE-2024-49767 and CVE-2024-49766. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

7.5CVSS7.2AI score0.01392EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2025/01/28 10:8 p.m.•22 views

Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-webmvc-6.1.12.jar which is vulnerable to this CVE-2024-38816

Summary Security Bulletin:IBM Maximo Application Suite - AI Broker Component component uses spring-webmvc-6.1.12.jar which is vulnerable to this CVE-2024-38816. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION:...

7.5CVSS6.1AI score0.9389EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2025/01/28 10:8 p.m.•15 views

Security Bulletin: IBM Match 360 is vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)

Summary IBM Match 360 is vulnerable to an XML External Entity XXE injection because of a vulnerable found in IBM Websphere Application Server Liberty. IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External...

7CVSS6.9AI score0.00019EPSS

Exploits0Affected Software1

RedHat Linux•added 2025/01/23 9:34 a.m.•1 views

go-git: argument injection via the URL field

An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport...

9.8CVSS7.4AI score0.03834EPSS

Exploits0References6

NVD•added 2025/01/22 3:15 p.m.•2 views

CVE-2025-23874

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FalconTheme Team WP Block Pack wp-block-pack allows Reflected XSS.This issue affects WP Block Pack: from n/a through = 1.1.6...

7.1CVSS0.00232EPSS

Exploits0References1

Vulnrichment•added 2025/01/22 2:29 p.m.•7 views

CVE-2025-23874 WordPress WP Block Pack plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability

7.1CVSS7.2AI score0.00232EPSS

Exploits0References1

Cvelist•added 2025/01/22 2:29 p.m.•12 views

CVE-2025-23874 WordPress WP Block Pack plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability

7.1CVSS0.00232EPSS

Exploits0References1

CVE•added 2025/01/22 2:29 p.m.•40 views

CVE-2025-23874

CVE-2025-23874 – Reflected Cross‑Site Scripting in NotFound WP Block Pack (WP Block Pack). Affected: WP Block Pack versions up to 1.1.6 (noted as NotFound Block Pack). Public references in the data set include Red Hat’s RH:CVE-2025-23874 and Wordfence vulnerability listings for Block Pack under C...

7.1CVSS7.2AI score0.00232EPSS

Exploits0References1

OSV•added 2025/01/22 8:15 a.m.•1 views

CVE-2025-0428

The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportprompts function. This allows authenticated attackers, with...

7.2CVSS7.5AI score0.00486EPSS

Exploits0References2

CNNVD•added 2025/01/22 12:0 a.m.•2 views

WordPress plugin WP Block Pack 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS7.8AI score0.00232EPSS

Exploits0References2

CNNVD•added 2025/01/22 12:0 a.m.•3 views

Thermo Fisher Scientific Xcalibur 安全漏洞

Thermo Fisher Scientific Xcalibur is a data acquisition and interpretation software from Thermo Fisher Scientific USA. A security vulnerability exists in Thermo Fisher Scientific Xcalibur versions prior to 4.7 SP1 and Thermo Foundation Instrument Control Software ICSW versions prior to 3.1 SP10,...

7.8CVSS6.7AI score0.00083EPSS

Exploits0References3

Positive Technologies•added 2025/01/22 12:0 a.m.•4 views

PT-2025-2132 · WordPress · Ai Power: Complete Ai Pack

Name of the Vulnerable Software and Affected Versions: AI Power: Complete AI Pack plugin for WordPress versions up to, and including, 1.8.96 Description: The issue allows authenticated attackers with subscriber-level access and above to make web requests to arbitrary locations originating from th...

5.4CVSS7.1AI score0.00222EPSS

Exploits0References8

Patchstack•added 2025/01/21 10:47 p.m.•2 views

WordPress AI Power: Complete AI Pack plugin <= 1.8.96 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by shaman0x01 in WordPress Plugin GPT3 AI Content Writer versions = 1.8.96...

5.4CVSS7AI score0.00222EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/01/21 10:44 p.m.•3 views

WordPress AI Power: Complete AI Pack plugin <= 1.8.96 - Authenticated (Admin+) PHP Object Injection vulnerability

Authenticated Admin+ PHP Object Injection vulnerability discovered by Tran Anh Duc in WordPress Plugin GPT3 AI Content Writer versions = 1.8.96...

7.2CVSS7.3AI score0.00486EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by