CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

36 matches found

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-12096

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.0236EPSS

Exploits1References3

CNNVD•added 2025/06/24 12:0 a.m.•2 views

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. An open redirect vulnerability exists in Mozilla Firefox for Android, which can be exploited by an attacker to conduct a phishing attack by opening a link to the URL specified in the query string...

4.3CVSS6.5AI score0.00177EPSS

Exploits1References3

Veracode•added 2024/05/20 9:43 a.m.•7 views

Open Redirect

drupal/drupal is vulnerable to Open Redirect. The vulnerability is due to the insecure handling of the "destination" query string parameter in Drupal core and contributed modules. This allows malicious users to craft URLs that redirect unsuspecting users to third-party websites...

7AI score

Exploits0

UbuntuCve•added 2023/12/25 9:15 a.m.•27 views

CVE-2023-38321

OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service NULL pointer dereference, daemon crash, and Captive Portal outage via a GET request to /openndsauth/ that lacks a custom query string parameter and client-token...

7.5CVSS7.1AI score0.00053EPSS

Exploits0References4

Prion•added 2023/12/25 9:15 a.m.•14 views

Null pointer dereference

5CVSS7.1AI score0.00053EPSS

Exploits0References3Affected Software1

CNNVD•added 2023/12/04 12:0 a.m.•4 views

Vite Cross-Site Scripting Vulnerability

Vite is a new front-end builder tool open-sourced by Vite. Vite suffers from a cross-site scripting vulnerability that stems from the ability to inject arbitrary HTML into the output by providing a malicious URL query string...

6.1CVSS6.1AI score0.07321EPSS

Exploits1References3

CNVD•added 2023/01/30 12:0 a.m.•2 views

TOTOLINK A830R QUERY_STRING Command Injection Vulnerability

The TOTOLINK A830R is a dual-band wireless router that supports both 2.4GHz and 5GHz bands with a maximum wireless transfer rate of 1200Mbps, making it suitable for home network coverage needs. The TOTOLINK A830R suffers from a command injection vulnerability that stems from its QUERYSTRING...

7.5CVSS7.7AI score0.11165EPSS

Exploits1References1

OSV•added 2023/01/27 3:15 p.m.•0 views

CVE-2022-48069

Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERYSTRING parameter...

7.5CVSS5.8AI score0.11165EPSS

Exploits1References1

CNNVD•added 2023/01/27 12:0 a.m.•3 views

TOTOLINK A830R 操作系统命令注入漏洞

7.5CVSS7.5AI score0.11165EPSS

Exploits1References3

Veracode•added 2022/11/23 10:37 a.m.•18 views

Cross-Site Scripting (XSS)

silverstripe/admin is vulnerable to Cross-Site Scripting XSS. The vulnerability exists in vendor.js due to an outdated jquery which allows an attacker to inject and execute arbitrary javascript using a specially crafted proto query string parameter...

5.4CVSS5.5AI score0.00322EPSS

Exploits0References7Affected Software1

Prion•added 2022/07/12 3:15 p.m.•13 views

Cross site scripting

The package whoogle-search before 0.7.2 are vulnerable to Cross-site Scripting XSS via the query string parameter q. In the case where it does not contain the http string, it is used to build the errormessage that is then rendered in the error.html template, using the flask.rendertemplate functio...

4.3CVSS5.9AI score0.00301EPSS

Exploits0References3Affected Software1

ATTACKERKB•added 2022/06/27 10:15 p.m.•0 views

CVE-2022-32092

D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERYSTRING parameter at ajaxexplorer.sgi...

9.8CVSS5.5AI score0.2247EPSS

Exploits1References3

OSV•added 2022/06/27 10:15 p.m.•0 views

CVE-2022-32092

D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERYSTRING parameter at ajaxexplorer.sgi...

9.8CVSS6.9AI score0.2247EPSS

Exploits1References2

VulnCheck KEV•added 2022/04/01 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-25079

TOTOLink A810R V4.1.2cu.5182B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS7.5AI score0.05664EPSS

Exploits1References1

VulnCheck KEV•added 2022/04/01 12:0 a.m.•1 views

VulnCheck KEV: CVE-2022-25076

TOTOLink A800R V4.1.2cu.5137B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS7.5AI score0.05664EPSS

Exploits1References1

VulnCheck KEV•added 2022/04/01 12:0 a.m.•1 views

VulnCheck KEV: CVE-2022-25077

TOTOLink A3100R V4.1.2cu.5050B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS7.5AI score0.51028EPSS

Exploits1References1

OSV•added 2022/02/24 3:15 p.m.•1 views

CVE-2022-25079

9.8CVSS7.5AI score0.05664EPSS

Exploits1References1

ATTACKERKB•added 2022/02/24 3:15 p.m.•77 views

CVE-2022-25076

9.8CVSS7.6AI score0.05664EPSS

In wildExploits1References2

OSV•added 2022/02/24 3:15 p.m.•0 views

CVE-2022-25076

9.8CVSS6AI score0.05664EPSS

Exploits1References1

OSV•added 2022/02/24 3:15 p.m.•0 views

CVE-2022-25082

TOTOLink A950RG V5.9c.4050B20190424 and V4.1.2cu.5204B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS7.5AI score0.89573EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by