516 matches found
CVE-2025-64182 OpenEXR has buffer overflow in PyOpenEXR_old's channels() and channel()
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, a memory safety bug in the legacy OpenEXR Python adapter the deprecated...
Security Bulletin: IBM Cognos Analytics Certified Containers is affected by security vulnerabilities
Summary: IBM Cognos Analytics Certified Containers is affected by vulnerabilities in the PostgreSQL JDBC Driver. Additionally, IBM Cognos Certified Containers is affected by an Information Disclosure vulnerability. Vulnerability Details: CVEID: CVE-2022-31197 DESCRIPTION: PostgreSQL JDBC Driver...
CVE-2025-62522
Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by server.fs.deny were sent if the URL ended...
EUVD-2025-34454
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
CVE-2025-62176 Mastodon streaming server allows OAuth clients without the `read` scope to subscribe to public channels
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...
GHSA-77R9-W39M-9XH5 Omni vulnerable to information leak via API
Impact: Omni might leak sensitive information via an API. Patches: v1.1.5, v1.0.2 and v1.2.0 contain the patch. Workarounds: None. References: None...
Zimbra Collaboration Server 9.x < 9.0.0 Patch 39, 10.0.x < 10.0.13, 10.1.x < 10.1.5 XSS
According to its self-reported version number, Zimbra Collaboration Server is affected by the following vulnerability: A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML. Using a specifically crafted email, an attacker...
EUVD-2016-10275
Malware in sbrugna...
EUVD-2021-2137
Malware in sbrugna...
EUVD-2021-1090
Malware in sbrugna...
EUVD-2021-0829
Malware in sbrugna...
EUVD-2020-0208
Malware in sbrugna...
EUVD-2025-12751
Malicious code in bioql PyPI...
EUVD-2025-12749
Malicious code in bioql PyPI...
EUVD-2022-1438
Malicious code in bioql PyPI...
EUVD-2022-6988
Malicious code in bioql PyPI...
EUVD-2022-28581
Malicious code in bioql PyPI...
EUVD-2022-4806
Malicious code in bioql PyPI...
EUVD-2025-6735
Malicious code in bioql PyPI...
EUVD-2025-7224
Malicious code in bioql PyPI...