CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

399 matches found

PerkinElmer ProcessPlus <= 1.11.6507.0 - Local File Inclusion

Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus through 1.11.6507.0. id: CVE-2024-6911 info: name: PerkinElmer ProcessPlus = 1.11.6507.0 - Local File Inclusion author:...

8.7CVSS7.3AI score0.93322EPSS

Exploits2References4

Microsoft CVE•added 2026/05/12 2:0 p.m.•10 views

Microsoft Word Information Disclosure Vulnerability

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally...

5.5CVSS5.8AI score0.00042EPSS

Exploits0

CNNVD•added 2026/05/07 12:0 a.m.•4 views

Microsoft Partner Center 安全漏洞

The Microsoft Partner Center is an online platform operated by Microsoft Corporation in the United States. There is a security vulnerability in the Microsoft Partner Center, which stems from cross-domain resource references controlled by external parties. This vulnerability could allow unauthoriz...

8.2CVSS5.8AI score0.00217EPSS

Exploits0References2

Packet Storm News•added 2026/04/21 12:0 a.m.•2 views

I2P 2.12.0

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version...

5.8AI score

Exploits0

Packet Storm News•added 2026/04/03 12:0 a.m.•2 views

Apple Live Caller ID Privacy Concerns

Apple's oblivious HTTP relay for Live Caller ID Lookup iOS 18+ routes traffic through 14 third-party endpoints across six countries. These include an anonymous Delaware LLC sharing data with OpenAI, a Russian endpoint Yandex, and a Swiss GmbH whose privacy policy names "The Legal Entity to be...

5.9AI score

Exploits0

Snyk•added 2026/03/16 6:47 p.m.•2 views

Files or Directories Accessible to External Parties

Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties through the importStdMd import process in kernel/api/import.go. An attacker can import data from sensitive or unintended local paths and potentially access or expose local files by...

8.2CVSS5.8AI score0.00061EPSS

Exploits1References3

CNNVD•added 2026/02/19 12:0 a.m.•3 views

WordPress plugin rtMedia for WordPress, BuddyPress and bbPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.8AI score0.00041EPSS

Exploits0References1

Packet Storm News•added 2026/02/10 12:0 a.m.•2 views

I2P 2.11.0

5.6AI score

Exploits0

Snyk•added 2026/01/20 12:30 a.m.•1 views

Files or Directories Accessible to External Parties

Overview mineadmin/mineadmin is a Quickly build a background management system for web applications Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the Swagger component. An attacker can access sensitive information by sending crafted...

7.5CVSS5.6AI score0.00068EPSS

Exploits1References2

CNNVD•added 2026/01/19 12:0 a.m.•4 views

Tandoor Recipes: Security Vulnerabilities

Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes from 23.05 to 26.05 contained security vulnerabilities. These vulnerabilities stemmed from the default configuration, where database files...

8.7CVSS5.8AI score0.00164EPSS

Exploits0References5

Packet Storm News•added 2026/01/02 12:0 a.m.•2 views

Impersonating Quantum Secrets over Classical Channels

We show that a simple eavesdropper listening in on classical communication between potentially entangled quantum parties will eventually be able to impersonate any of the parties. Furthermore, the attack is efficient if one-way puzzles do not exist. As a direct consequence, one-way puzzles are...

6.9AI score

Exploits0

Vulnrichment•added 2025/12/08 4:57 p.m.•2 views

CVE-2025-48536

In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, there is a possible way for a third party app to modify secure settings due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...

6.4AI score0.00006EPSS

Exploits0References2

Vulnrichment•added 2025/11/11 2:11 p.m.•2 views

CVE-2025-11959 Improper Access Control in Premierturk's Excavation Management Information System

Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information System allows Footprinting, Functionality Misuse. This issue affects Excavation...

8.1CVSS5.8AI score0.00041EPSS

Exploits0References2

CNVD•added 2025/10/21 12:0 a.m.•2 views

WordPress Ally plugin stack buffer overflow vulnerability

WordPress Ally plugin is a free and open source WordPress plugin, mainly used to improve the accessibility of the website Accessibility, to help users simplify the website accessibility process. A stack buffer overflow vulnerability exists in the WordPress Ally plugin, which originates from the...

4.3CVSS7.2AI score0.00019EPSS

Exploits0References1