CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

OSV•added 2026/02/21 9:32 p.m.•3 views

ECHO-32C7-8A8F-5DF3

Bulletin has no description...

4.3CVSS5.1AI score0.00374EPSS

Exploits0References1

EUVD•added 2026/01/24 9:8 a.m.•6 views

EUVD-2026-4545

The LeadBI Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formid' parameter of the 'leadbiform' shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

6.4CVSS5.8AI score0.00192EPSS

Exploits0References6

EUVD•added 2026/01/16 7:9 p.m.•2 views

EUVD-2026-2899

WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated 'A' characters into the mashREPL input field,...

7.5CVSS6.3AI score0.00402EPSS

Exploits0References4

EUVD•added 2026/01/01 3:30 a.m.•1 views

EUVD-2025-206110

To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used...

6.5AI score

Exploits0References1

OSV•added 2025/11/18 10:27 a.m.•1 views

MINI-H87X-V789-82W4

Bulletin has no description...

7.8CVSS6.9AI score0.00161EPSS

Exploits0

RedhatCVE•added 2025/05/22 9:35 p.m.•6 views

CVE-2021-43781

Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default...

6.4CVSS6.6AI score0.00662EPSS

Exploits1

Circl•added 2025/03/02 1:31 a.m.•16 views

CVE-2025-1808

creationtimestamp| type| source ---|---|--- 2025-03-02 01:31:01+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/6084 2025-03-02 02:30:38+00:00| published-proof-of-concept| Telegram/yqhHHpTMJThvOnMP9KSTnP0VqA7-wzWy3afb6m7cmgNDxD4 2025-03-02 04:23:54+00:00| seen|...

7.5CVSS7.3AI score0.00536EPSS

Exploits0References2

Circl•added 2024/10/30 8:3 p.m.•4 views

CVE-2024-48647

creationtimestamp| type| source ---|---|--- 2024-10-30 20:03:01+00:00| seen| https://t.me/cvedetector/9450 2025-10-01 18:11:56+00:00| seen| MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6 2025-10-08 21:59:27+00:00| seen| MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6...

7.2CVSS4.8AI score0.00757EPSS

Exploits2References1

OSV•added 2024/07/11 1:19 p.m.•10 views

GHSA-GH9F-6XM2-C4J2 SurrealDB vulnerable to Improper Authentication when Changing Databases as Scope User

Authentication would not be properly validated when an already authenticated scope user would use the use method or USE clause to switch working databases in a session. If there was a user record in the new database with identical record identifier as the original record that the user authenticat...

6.3CVSS7.2AI score

Exploits0References4

BDU FSTEC•added 2019/12/17 12:0 a.m.•3 views

The vulnerability of the Web Time and Expense interface of the integrated enterprise management system Microsoft Dynamics NAV allows a malicious individual to gain unauthorized access to arbitrary reports.

The vulnerability of the Web Time and Expense interface of the integrated enterprise management system Microsoft Dynamics NAV is related to the insecure direct object reference IDOR. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to arbitrar...

4.3CVSS5.6AI score0.00683EPSS

Exploits0References4Affected Software1

OSV•added 2017/09/14 1:29 p.m.•3 views

CVE-2017-1002009

Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function...

9.8CVSS5.9AI score0.02277EPSS

Exploits1References2