CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2025/07/17 8:15 p.m.•3 views

CVE-2025-1729

A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges...

6.7CVSS0.00052EPSS

Vulnrichment•added 2025/07/17 7:17 p.m.•3 views

CVE-2025-1729

A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges...

6.7CVSS7.1AI score0.00052EPSS

Cvelist•added 2025/07/17 7:17 p.m.•9 views

CVE-2025-1729

A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges...

6.7CVSS0.00052EPSS

CVE•added 2025/07/17 7:17 p.m.•45 views

CVE-2025-1729

CVE-2025-1729 affects Lenovo TrackPoint Quick Menu (TPQMAssistant.exe). A DLL hijacking flaw allows a local attacker to escalate privileges by placing a malicious hostfxr.dll in the TPQM directory where the binary is launched; the TPQM folder is writable by standard users, enabling this. The issu...

6.7CVSS6.9AI score0.00052EPSS

CNNVD•added 2025/07/17 12:0 a.m.•1 views

Lenovo TrackPoint Quick Menu 安全漏洞

Lenovo TrackPoint Quick Menu is a shortcut menu program from the Chinese company Lenovo. A security vulnerability exists in Lenovo TrackPoint Quick Menu, which stems from the presence of a DLL hijacking vulnerability that could lead to elevation of privilege by a local attacker...

6.7CVSS6.8AI score0.00052EPSS

Microsoft CVE•added 2025/07/11 7:0 a.m.•0 views

net_sched: qfq: Fix double list add in class with netem as child qdisc

...

7.8CVSS7.2AI score0.00085EPSS

Exploits0

Microsoft CVE•added 2025/07/11 7:0 a.m.•4 views

QUIC certificate check skip with wolfSSL

...

6.5CVSS7.7AI score0.00075EPSS

Exploits1

OSV•added 2025/07/10 8:15 a.m.•1 views

UBUNTU-CVE-2025-38282

In the Linux kernel, the following vulnerability has been resolved: kernfs: Relax constraint in draining guard The active reference lifecycle provides the break/unbreak mechanism but the active reference is not truly active after unbreak -- callers don't use it afterwards but it's important for...

5.5CVSS5.8AI score0.0007EPSS

Exploits0References31

RedhatCVE•added 2025/06/29 2:26 p.m.•3 views

CVE-2025-53287

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Robert Cummings Quick Favicon quick-favicon allows Stored XSS.This issue affects Quick Favicon: from n/a through = 0.22.8...

5.9CVSS5.9AI score0.0017EPSS

NVD•added 2025/06/27 2:15 p.m.•2 views

CVE-2025-53287

5.9CVSS0.0017EPSS

Vulnrichment•added 2025/06/27 1:21 p.m.•3 views

CVE-2025-53287 WordPress Quick Favicon plugin <= 0.22.8 - Cross Site Scripting (XSS) Vulnerability

5.9CVSS5.9AI score0.0017EPSS

CVE•added 2025/06/27 1:21 p.m.•15 views

CVE-2025-53287

CVE-2025-53287 affects the WordPress Quick Favicon plugin. It is a stored XSS due to improper input neutralization during web-page generation, impacting versions up to 0.22.8. Exploitation details or exact patched version are not provided in the documents; remediation is to upgrade to a version t...

5.9CVSS5.9AI score0.0017EPSS

Cvelist•added 2025/06/27 1:21 p.m.•9 views

CVE-2025-53287 WordPress Quick Favicon plugin <= 0.22.8 - Cross Site Scripting (XSS) Vulnerability

5.9CVSS0.0017EPSS

CNNVD•added 2025/06/27 12:0 a.m.•1 views

WordPress plugin Quick Favicon 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...

5.9CVSS5.8AI score0.0017EPSS

Positive Technologies•added 2025/06/27 12:0 a.m.•4 views

PT-2025-27192 · Unknown · Quick Favicon

Name of the Vulnerable Software and Affected Versions: Quick Favicon versions through 0.22.8 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This enables an attacker to inject malicious...

5.9CVSS5.7AI score0.0017EPSS

Exploits0References3

Github Security Blog•added 2025/06/11 3:30 p.m.•6 views

Drupal Quick Node Block Missing Authorization vulnerability

Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0...

Exploits0References3Affected Software1

OSV•added 2025/06/11 3:30 p.m.•7 views

GHSA-R6XJ-43CF-9F88 Drupal Quick Node Block Missing Authorization vulnerability

Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0...

Github Security Blog•added 2025/06/11 3:30 p.m.•5 views

Drupal Quick Node Block Missing Authorization vulnerability

Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0...

Exploits0References3Affected Software1

OSV•added 2025/06/11 3:30 p.m.•4 views

GHSA-C424-HGG9-9C4W Drupal Quick Node Block Missing Authorization vulnerability

Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0...