4570 matches found

Vulnrichment
added 2025/11/26 1:28 a.m., 2 views

CVE-2025-12848 XSS vulnerability when rendering filename in Webform Multiform

Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting (XSS) vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code e.g., "" to a Webform node with a...

CVSS 7, AI score 6, EPSS 0.00304
Exploits: 0, References: 4

ATTACKERKB
added 2025/11/26 1:28 a.m., 2 views

CVE-2025-12848

Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting (XSS) vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code e.g., "" to a Webform node with a...

CVSS 7, AI score 5.9, EPSS 0.00304
Exploits: 0, References: 5, Affected Software: 1

Positive Technologies
added 2025/11/26 12:0 a.m., 7 views

PT-2025-48120

Name of the Vulnerable Software and Affected Versions: Drupal Webform Multiple File Upload module versions 7.x (affected versions not specified). Description: The Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting (XSS) issue in the file name renderer. An unauthenticated...

CVSS 7, AI score 6.1, EPSS 0.00304
Exploits: 0, References: 9

OSV
added 2025/11/25 10:18 p.m., 4 views

JLSEC-2025-318 A vulnerability was found in LibTIFF up to 4.7.0

A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It...

CVSS 7.8, AI score 6.8, EPSS 0.0026
Exploits: 1, References: 7

OSV
added 2025/11/25 10:18 p.m., 2 views

JLSEC-2025-288 A vulnerability was found in LibTIFF

A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and m...

CVSS 8.8, AI score 7.4, EPSS 0.01237
Exploits: 1, References: 8

Tenable Nessus
added 2025/11/25 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-50557

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: pinctrl: thunderbay: fix possible memory leak in thunderbay_build_functions The...

AI score 5.2, EPSS 0.00193
Exploits: 0, References: 2

Tenable Nessus
added 2025/11/25 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-53042

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and...

CVSS 4.9, AI score 6.3, EPSS 0.00533
Exploits: 0, References: 2

Tenable Nessus
added 2025/11/24 12:0 a.m., 2 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: libtiff (UTSA-2025-990944)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990944 advisory. A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file...

CVSS 7.8, AI score 5.5, EPSS 0.00228
Exploits: 1, References: 4

NVD
added 2025/11/23 8:15 p.m., 3 views

CVE-2025-13566

A security vulnerability has been detected in jarun nnn up to 5.1. The impacted element is the function show_content_in_floating_window/run_cmd_as_plugin of the file nnn/src/nnn.c. The manipulation leads to double free. An attack has to be approached locally. The identifier of the patch is...

CVSS 4.8, EPSS 0.00117
Exploits: 0, References: 6

Tenable Nessus
added 2025/11/20 12:0 a.m., 4 views

TencentOS Server 4: cmake (TSSA-2025:0738)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0738 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 4.8, AI score 5.5, EPSS 0.00135
Exploits: 0, References: 2

Tenable Nessus
added 2025/11/20 12:0 a.m., 4 views

TencentOS Server 4: ghostscript (TSSA-2024:0902)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0902 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 7.5, AI score 7.5, EPSS 0.01543
Exploits: 0, References: 2

Tenable Nessus
added 2025/11/20 12:0 a.m., 5 views

TencentOS Server 4: jq (TSSA-2025:0406)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0406 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 6.5, AI score 6.4, EPSS 0.00351
Exploits: 1, References: 2

Tenable Nessus
added 2025/11/20 12:0 a.m., 4 views

TencentOS Server 3: .NET 7.0 (TSSA-2023:0175)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0175 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 7.8, AI score 8.7, EPSS 0.15519
Exploits: 0, References: 3

Vulnrichment
added 2025/11/19 3:32 p.m., 3 views

CVE-2025-13397 mrubyc alloc.c mrbc_raw_realloc null pointer dereference

A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbc_raw_realloc of the file src/alloc.c. Such manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally. The name of the patch is...

CVSS 4.8, AI score 6.4, EPSS 0.00125
Exploits: 0, References: 6

NCSC
added 2025/11/19 8:34 a.m., 9 views

Vulnerability fixed in Fortinet FortiWeb

Fortinet has fixed a vulnerability in FortiWeb. The vulnerability is in the way Fortinet FortiWeb handles HTTP requests and CLI commands. Authenticated attackers can exploit this vulnerability to execute unauthorized code via carefully crafted HTTP requests or CLI commands. Fortinet has confirmed...

CVSS 7.2, AI score 7.2, EPSS 0.54376
Exploits: 9, References: 2

CBLMariner
added 2025/11/17 8:45 p.m., 3 views

CVE-2024-25621 affecting package moby-containerd-cc for versions less than 1.7.7-13

CVE-2024-25621 affecting package moby-containerd-cc for versions less than 1.7.7-13. A patched version of the package is available...

CVSS 7.8, AI score 6.9, EPSS 0.00145
Exploits: 1

EUVD
added 2025/11/15 12:30 a.m., 7 views

EUVD-2024-26050

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing...

CVSS 9.8, AI score 6.8, EPSS 0.36619
Exploits: 0, References: 3

CBLMariner
added 2025/11/14 10:3 p.m., 3 views

CVE-2025-39839 affecting package kernel for versions less than 6.6.112.1-1

CVE-2025-39839 affecting package kernel for versions less than 6.6.112.1-1. A patched version of the package is available...

CVSS 7.1, AI score 6.8, EPSS 0.00164
Exploits: 0

CBLMariner
added 2025/11/14 10:3 p.m., 4 views

CVE-2025-8277 affecting package libssh for versions less than 0.10.6-4

CVE-2025-8277 affecting package libssh for versions less than 0.10.6-4. A patched version of the package is available...

CVSS 3.1, AI score 6.9, EPSS 0.00375
Exploits: 0

CBLMariner
added 2025/11/14 10:3 p.m., 3 views

CVE-2025-39938 affecting package kernel for versions less than 6.6.112.1-1

CVE-2025-39938 affecting package kernel for versions less than 6.6.112.1-1. A patched version of the package is available...

CVSS 5.5, AI score 6.8, EPSS 0.00133
Exploits: 0