
38 matches found

Nuclei
added 8 hours ago · 24 views

Clustering Local File Inclusion

Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. id: CVE-2021-43496 inf...

CVSS 7.5 · AI score 7.8 · EPSS 0.40172
Exploits: 1 · References: 5
Positive Technologies
added 5 days ago · 8 views

PT-2026-45183

A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...

CVSS 6.5 · AI score 6.3 · EPSS 0.00061
Exploits: 0 · References: 7
Nuclei
added 2026/05/29 3:59 a.m. · 24 views

Ruby Dragonfly <1.4.0 - Remote Code Execution

Ruby Dragonfly before 1.4.0 contains an argument injection vulnerability that allows remote attackers to read and write to arbitrary files via a crafted URL when the verifyurl option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishand...

CVSS 9.8 · AI score 7.6 · EPSS 0.93359
Exploits: 4 · References: 5
ATTACKERKB
added 2026/04/20 3:12 p.m. · 0 views

CVE-2026-40896

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manageagendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

CVSS 6.5 · AI score 5.8 · EPSS 0.00033
Exploits: 1 · References: 3 · Affected Software: 1
GithubExploit
added 2026/01/11 6:5 p.m. · 131 views

Exploit for SQL Injection in Vishalmathur Cloudclassroom-Php_Project

...

CVSS 9.8 · AI score 7 · EPSS 0.00994
Exploits: 4
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2019-2151

Malware in sbrugna...

CVSS 5.5 · AI score 5.9 · EPSS 0.00128
Exploits: 1 · References: 4
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-6667

Malware in sbrugna...

CVSS 4.3 · AI score 4.8 · EPSS 0.00543
Exploits: 0 · References: 5
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-6656

Malware in sbrugna...

CVSS 4.3 · AI score 4.8 · EPSS 0.00487
Exploits: 0 · References: 5
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2016-3093

Malware in sbrugna...

CVSS 9.8 · AI score 9.2 · EPSS 0.00363
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-5110

Malicious code in bioql PyPI...

CVSS 8.7 · AI score 6.5 · EPSS 0.00269
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-12810

Malicious code in bioql PyPI...

CVSS 8.1 · AI score 7.9 · EPSS 0.00357
Exploits: 0 · References: 3
OSV
added 2025/07/23 8:38 p.m. · 4 views

CVE-2025-32019 Harbor's repository description page allows for XSS

Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0-rc1 and 2.13.0-rc1, contain a vulnerability where the markdown field in the info tab page can be exploited to inject XSS code. This is fixed ...

CVSS 4.1 · AI score 6 · EPSS 0.0016
Exploits: 0 · References: 6
Positive Technologies
added 2025/06/30 12:0 a.m. · 1 views

PT-2025-27496 · Gluu Flex +1

Name of the Vulnerable Software and Affected Versions: Janssen Project versions prior to 1.8.0; Gluu Flex versions prior to 5.8.0. Description: The Janssen Project is an open-source identity and access management (IAM) platform. Prior to version 1.8.0, the Config API returns results without scope...

CVSS 8.2 · AI score 5.9 · EPSS 0.00435
Exploits: 0 · References: 14
RedhatCVE
added 2025/05/22 3:13 p.m. · 4 views

CVE-2020-1449

A remote code execution vulnerability exists in Microsoft Project software when the software fails to check the source markup of a file, aka 'Microsoft Project Remote Code Execution Vulnerability'...

CVSS 9.3 · AI score 8 · EPSS 0.14767
Exploits: 0
RedhatCVE
added 2025/05/22 4:24 a.m. · 9 views

CVE-2019-12180

An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting language) on the victim machine by inducing it ...

CVSS 9.3 · AI score 7 · EPSS 0.08637
Exploits: 2 · References: 1
RedhatCVE
added 2025/05/21 9:50 p.m. · 2 views

CVE-2005-4296

AppServ Open Project 2.5.3 allows remote attackers to cause a denial of service via a large HTTP request...

CVSS 7.8 · AI score 7 · EPSS 0.03207
Exploits: 1 · References: 1
OSV
added 2025/03/20 10:15 a.m. · 1 views

CVE-2024-11041

vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue,...

CVSS 9.8 · AI score 7.4
Exploits: 0 · References: 1
Cvelist
added 2025/03/20 10:10 a.m. · 7 views

CVE-2024-11041 Remote Code Execution in vllm-project/vllm

vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue,...

CVSS 9.8 · EPSS 0.05599
Exploits: 1 · References: 1
Veracode
added 2025/03/12 8:14 a.m. · 3 views

Double-signing Attack

github.com/strangelove-ventures/horcrux is vulnerable to a double-signing attack. The vulnerability is due to a race condition in signature state handling when two independent events occur within the same microsecond, allowing unintended duplicate signatures and leading to unintended...

AI score 6.9
Exploits: 0
RedhatCVE
added 2025/02/20 7:20 p.m. · 2 views

CVE-2025-25284

The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS (Web Processing Service) implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the GdalTranslate service, whe...

CVSS 8.7 · AI score 6.7 · EPSS 0.00269
Exploits: 0 · References: 1