Lucene search

572 matches found

Cvelist
added 2025/11/10 9:56 p.m. | 3 views

CVE-2025-64507 Incus vulnerable to local privilege escalation through custom storage volumes

Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true...

CVSS 8.6 | EPSS 0.00027
Exploits: 1 | References: 3
CVE
added 2025/11/10 8:55 a.m. | 3 views

CVE-2025-12397

CVE-2025-12397 is a SQL injection vulnerability in Looker Studio that affects reports using BigQuery as the data source. A Looker Studio user with report view access could inject malicious SQL that runs with the report owner’s permissions. The issue’s impact is tied to the data source and report ...

CVSS 7.6 | AI score 7.5 | EPSS 0.00032
Exploits: 0 | References: 2
OSV
added 2025/11/05 7:52 p.m. | 1 view

GHSA-CPF4-PMR4-W6CX IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering

Summary: ZITADEL's Organization V2Beta API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users with specific administrator roles within one organization to access and modify data belonging to other organizations. Impact: ZITADEL's Organization V2Beta API,...

CVSS 8.7 | AI score 6.7 | EPSS 0.00056
Exploits: 0 | References: 5
OSV
added 2025/10/28 5:45 p.m. | 2 views

GHSA-QCPR-679Q-RHM2 Astro's bypass of image proxy domain validation leads to SSRF and potential XSS

Summary: This is a patch bypass of CVE-2025-58179 in commit 9ecf359. The fix blocks http://, https:// and //, but can be bypassed using backslashes (\); the endpoint still issues a server-side fetch. PoC...

CVSS 7.2 | AI score 6.8 | EPSS 0.00044
Exploits: 1 | References: 5
Information Security Automation
added 2025/10/26 9:35 p.m. | 7 views

About Cross Site Scripting – Zimbra Collaboration (CVE-2025-27915) vulnerability

About Cross Site Scripting - Zimbra Collaboration (CVE-2025-27915) vulnerability. Zimbra Collaboration is a collaboration software suite, somewhat similar to Microsoft Exchange. Exploiting this vulnerability in the web mail client (Classic Web Client) allows an unauthenticated attacker to execute...

CVSS 5.4 | AI score 7.2 | EPSS 0.26053
Exploits: 1
CVE
added 2025/10/22 3:11 p.m. | 9 views

CVE-2025-62606

CVE-2025-62606 affects My Little Forum (PHP/MySQL). Before version 2.5.12, an authenticated SQL injection vulnerability exists in the bookmark reordering feature, allowing any logged-in user to execute arbitrary SQL commands. This can lead to a full compromise of the application’s database (read,...

CVSS 8.8 | AI score 7.8 | EPSS 0.00038
Exploits: 0 | References: 2
Debian CVE
added 2025/10/22 1:23 p.m. | 2 views

CVE-2023-53731

In the Linux kernel, the following vulnerability has been resolved: netlink: fix potential deadlock in netlink_set_err(). syzbot reported a possible deadlock in netlink_set_err() [1]. A similar issue was fixed in commit 1d482e666b8e ("netlink: disable IRQs for netlink_lock_table()") in netlink_lock_table(). This patch...

AI score 5.4 | EPSS 0.00067
Exploits: 0
Patchstack
added 2025/10/22 12:4 a.m. | 7 views

WordPress All in One Time Clock Lite plugin <= 2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Clocking In/Out vulnerability

Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Clocking In/Out vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin All in One Time Clock Lite (versions <= 2.0)...

CVSS 4.3 | AI score 6.7 | EPSS 0.00036
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/10/09 8:57 p.m. | 13 views

CVE-2025-61783 Python Social Auth - Django has unsafe account association

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not included. This could lead to account compromise when a third-party authentication service doe...

CVSS 6.3 | EPSS 0.00081
Exploits: 0 | References: 6
Cvelist
added 2025/10/09 5:1 p.m. | 6 views

CVE-2017-20203 NetSarang v5.0 Malicious Backdoor Supply Chain Compromise

NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322, Xftp 5.0 Build 1218, and Xlpd 5.0 Build 1220 contain a malicious nssock2.dll that implements a multi-stage, DNS-based backdoor. The dormant library contacts a C2 DNS server via a specially crafted TXT...

CVSS 9.3 | EPSS 0.00895
Exploits: 0 | References: 4
CVE
added 2025/10/09 3:2 a.m. | 10 views

CVE-2025-11529

This CVE affects ChurchCRM up to version 5.18.0 in the API Endpoint’s AuthMiddleware (src/ChurchCRM/Slim/Middleware/AuthMiddleware.php). The vulnerability is an authentication bypass: the AuthMiddleware function allows missing authentication, enabling remote exploitation. Public exploits exist, a...

CVSS 9.8 | AI score 6.9 | EPSS 0.00162
Exploits: 1 | References: 6 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-0197

Malware in sbrugna...

CVSS 6.8 | AI score 4.9 | EPSS 0.00195
Exploits: 1 | References: 8
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-0207

Malware in sbrugna...

CVSS 5.8 | AI score 4.8 | EPSS 0.00344
Exploits: 1 | References: 28
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-1248

Malware in sbrugna...

CVSS 6.5 | AI score 5.4 | EPSS 0.00268
Exploits: 0 | References: 7
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-10182

Malware in sbrugna...

CVSS 5.9 | AI score 5.9 | EPSS 0.00382
Exploits: 0 | References: 7
EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2022-1270

Malicious code in bioql PyPI...

CVSS 9.9 | AI score 9 | EPSS 0.00396
Exploits: 0 | References: 7
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-6387

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 5.4 | EPSS 0.00157
Exploits: 0 | References: 7
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-25584

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.6 | EPSS 0.00115
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-6279

Malicious code in bioql PyPI...

CVSS 9.6 | AI score 8.8 | EPSS 0.00254
Exploits: 0 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-35286

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00254
Exploits: 0 | References: 1