CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5093 matches found

NVD•added 2025/11/12 7:15 p.m.•2 views

CVE-2025-63929

A null pointer dereference vulnerability exists in airpig2011 IEC104 thru Commit be6d841 2019-07-08. When multiple threads enqueue elements concurrently via IEC10XPrioEnQueue, the function may dereference a null or freed queue pointer, resulting in a segmentation fault and potential...

7.5CVSS0.00085EPSS

Exploits1References2

OSV•added 2025/11/12 7:15 p.m.•0 views

CVE-2025-63929

7.5CVSS5.8AI score0.00085EPSS

Exploits1References2

Cvelist•added 2025/11/12 12:0 a.m.•5 views

CVE-2025-63929

0.00085EPSS

Exploits1References2

Vulnrichment•added 2025/11/11 4:51 p.m.•2 views

CVE-2025-32449

Unquoted search path for some PRI Driver software before version 03.03.1002 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may...

6.7CVSS6.2AI score0.00015EPSS

Exploits0References1

Patchstack•added 2025/11/11 12:46 a.m.•8 views

WordPress Geopost plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Geopost versions = 1.2...

6.4CVSS5.6AI score0.00034EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/11/11 12:39 a.m.•6 views

WordPress Add Multiple Marker plugin <= 1.2 - Missing Authorization to Unauthenticated Settings Update vulnerability

Missing Authorization to Unauthenticated Settings Update vulnerability discovered by Bhayanak Atma in WordPress Plugin Add Multiple Marker versions = 1.2...

5.3CVSS6.7AI score0.00114EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/11/10 10:49 p.m.•4 views

WordPress Holiday class post calendar plugin <= 7.1 - Unauthenticated Remote Code Execution via 'contents' vulnerability

Unauthenticated Remote Code Execution via 'contents' vulnerability discovered by kr0d in WordPress Plugin Holiday class post calendar versions = 7.1...

9.8CVSS7.2AI score0.0031EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/11/10 10:42 p.m.•4 views

WordPress Fleet Manager plugin <= 2.5.1 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability

Authenticated Editor+ Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin Fleet Manager versions = 2.5.1...

4.4CVSS5.5AI score0.00022EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/11/10 10:20 p.m.•3 views

WordPress Live Photos on WordPress plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Live Photos on WordPress versions = 0.1...

6.4CVSS5.5AI score0.00034EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/11/07 1:45 a.m.•6 views

WordPress Gravity Forms plugin <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image' vulnerability

Unauthenticated Arbitrary File Upload via 'copypostimage' vulnerability discovered by Talal Nasraddeen in WordPress Plugin Gravity Forms versions = 2.9.20...

9.8CVSS6.7AI score0.00366EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/11/07 1:43 a.m.•5 views

WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function vulnerability

WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated Subscriber+ Account Takeover/Privilege Escalation via idonatedonorpassword Function vulnerability discovered by kr0d in WordPress Plugin IDonate versions 2.1.5-2.1.9...

8.8CVSS6.7AI score0.00082EPSS

Exploits0References1Affected Software1

Microsoft CVE•added 2025/11/06 1:1 a.m.•6 views

drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV

...

4.7CVSS8.8AI score0.00017EPSS

Exploits0

Patchstack•added 2025/11/05 1:32 a.m.•5 views

WordPress KiotViet Sync plugin <= 1.8.5 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin KiotViet Sync versions = 1.8.5...

9.8CVSS6.7AI score0.00974EPSS

Exploits2References1Affected Software1

Tenable Nessus•added 2025/11/05 12:0 a.m.•1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988797)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988797 advisory. In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctlipfwdupdatepriority. While reading sysctlipfwdupdatepriority, it...

4.7CVSS5.7AI score0.0001EPSS

Exploits0References4

Patchstack•added 2025/11/04 1:25 p.m.•4 views

WordPress Top Bar Notification plugin <= 1.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Top Bar Notification versions = 1.12...

6.1CVSS5.8AI score0.00012EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/11/03 10:38 p.m.•7 views

WordPress Doccure Core plugin < 1.5.4 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin Doccure Core versions 1.5.4...

9.8CVSS6.7AI score0.00198EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/11/03 10:34 p.m.•7 views

WordPress Tablesome plugin <= 1.1.32 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Talal Nasraddeen in WordPress Plugin Tablesome versions = 1.1.32...

9.8CVSS8.3AI score0.0057EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/11/03 12:0 a.m.•9 views

WordPress Kallyas Theme <= 4.24.0 is vulnerable to Remote Code Execution (RCE)

Software Kallyas Type Theme Vulnerable versions = 4.24.0 Fixed in N/A OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2025-6990 Patch priority Medium CVSS severity Medium 8.8 Developer EPC PSID fef69fa1779b Credits stealthcopter Required privilege Contributor Published...

8.8CVSS7.6AI score0.00522EPSS

Exploits0References2Affected Software1

Tenable Nessus•added 2025/10/27 12:0 a.m.•2 views

Siemens SIMATIC Devices Reachable Assertion (CVE-2024-26937)

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queuepriorityhint on parking This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

5.5CVSS6.3AI score0.00006EPSS

Exploits0References2

Patchstack•added 2025/10/27 12:0 a.m.•4 views

WordPress Sahifa Theme < 5.8.6 is vulnerable to Cross Site Scripting (XSS)

Software Sahifa Type Theme Vulnerable versions 5.8.6 Fixed in 5.8.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-64202 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 32bb45fc3f37 Credits João Pedro S Alcântara Kinorth Required privilege...

6.5CVSS5.9AI score0.0003EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by