CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1252 matches found

NVD•added 2026/01/08 7:16 p.m.•8 views

CVE-2026-22257

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generates a file view of a folder without sanitizing the files or folders names, this may potentially lead to XSS in cases where a website allow the access to public files using this feature and anyone can uploa...

8.8CVSS0.003EPSS

Exploits1References2

RedhatCVE•added 2025/12/31 11:5 a.m.•6 views

CVE-2025-69034

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Lekker lekker allows PHP Local File Inclusion.This issue affects Lekker: from n/a through = 1.8...

8.1CVSS7.1AI score0.00327EPSS

Exploits0References1

Cvelist•added 2025/12/18 7:21 a.m.•23 views

CVE-2025-58706 WordPress Woo Hoo theme <= 1.25 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Woo Hoo woohoo allows PHP Local File Inclusion.This issue affects Woo Hoo: from n/a through = 1.25...

8.1CVSS0.00415EPSS

Exploits0References1

CNNVD•added 2025/12/03 12:0 a.m.•5 views

Pepper Programming Language 安全漏洞

Pepper Programming Language is an interpreted programming language from the Dutch individual developer Danny van Kooten. A security vulnerability exists in Pepper Programming Language version 0.1.1commit, which originates from a heap buffer overflow and could lead to the execution of arbitrary co...

8.4CVSS7.5AI score0.00206EPSS

Exploits1References3

Fedora•added 2025/11/29 5:7 p.m.•9 views

[SECURITY] Fedora 42 Update: drupal7-7.103-1.fc42

Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...

9.8CVSS9AI score0.00956EPSS

Exploits0

Fedora•added 2025/11/29 4:49 p.m.•6 views

[SECURITY] Fedora 43 Update: drupal7-7.103-1.fc43

6.1CVSS9AI score0.00308EPSS

Exploits0

Redos•added 2025/11/24 12:0 a.m.•4 views

ROS-20251124-04

Go programming language vulnerability is related to unrestricted resource allocation. Exploitation The vulnerability could allow an attacker acting remotely to cause a denial of service...

5.3CVSS6.8AI score0.00385EPSS

Exploits0

Redos•added 2025/11/24 12:0 a.m.•6 views

ROS-20251124-03

A vulnerability in the PHP programming language is related to the execution of a loop with an unreachable exit condition. Exploitation of the vulnerability allows an attacker to cause a denial of service...

5.5CVSS6.9AI score0.00565EPSS

Exploits0

RedhatCVE•added 2025/11/21 7:37 p.m.•5 views

CVE-2025-52671

Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use...

4.3CVSS5AI score0.00307EPSS

Exploits1References1

Tenable Nessus•added 2025/11/20 12:0 a.m.•3 views

RHEL 10 : golang (RHSA-2025:21779)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21779 advisory. The golang packages provide the Go programming language compiler. Security Fixes: golang: archive/tar: Unbounded allocation when parsing GNU sparse...

4.3CVSS7.7AI score0.00382EPSS

Exploits0References5

Redos•added 2025/10/30 12:0 a.m.•6 views

ROS-20251030-05

Vulnerability of Erlang programming language OTP library set is related to incorrect checking of ZIP archives in "zip:unzip/1,2" and "zip:extract/1,2" procedures of Erlang/OTP standard library ZIP archives in the "zip:unzip/1,2" and "zip:extract/1,2" procedures of the Erlang/OTP standard library...

7.1CVSS7.3AI score0.00442EPSS

Exploits0

RedhatCVE•added 2025/10/28 9:1 p.m.•5 views

CVE-2025-62524

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s...

5.3CVSS6.6AI score0.00238EPSS

Exploits0References1

Tenable Nessus•added 2025/10/21 12:0 a.m.•6 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.24 (SUSE-SU-2025:3682-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3682-1 advisory. go1.24.9 released 2025-10-13 includes fixes to the crypto/x509 package. bsc1236217 crypto/x509:...

7.5CVSS7.2AI score0.00586EPSS

Exploits0References32

Redos•added 2025/10/14 12:0 a.m.•4 views

ROS-20251014-11

Go programming language vulnerability is related to improper input validation. Exploitation The vulnerability could allow a remote attacker to bypass existing security restrictions. security...

5.4CVSS7AI score0.00308EPSS

Exploits0

Redos•added 2025/10/08 12:0 a.m.•4 views

ROS-20251008-07

Vulnerabilities The Go programming language vulnerability is related to synchronization errors when using a of a shared resource. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service...

7CVSS6.8AI score0.00331EPSS

Exploits0