
88729 matches found

Redos
added 2025/12/23 12:0 a.m. | 9 views

ROS-20251223-7321

A vulnerability in the urllib.parse.urlsplit and urlparse functions of the Python programming language interpreter is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to affect data integrity...

CVSS 6.3 | AI score 6.8 | EPSS 0.0067
Exploits: 0

Redos
added 2025/12/23 12:0 a.m. | 6 views

ROS-20251223-7323

A vulnerability in the urllib.parse.urlsplit and urlparse functions of the Python programming language interpreter is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to affect data integrity...

CVSS 6.3 | AI score 6.8 | EPSS 0.0067
Exploits: 0

Snyk
added 2025/12/22 9:36 p.m. | 5 views

Regular Expression Denial of Service (ReDoS)

Overview: @fedify/fedify is an ActivityPub server framework. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via docloader.ts. An attacker can cause the event loop to become unresponsive by supplying a specially crafted HTML payload that triggers...

CVSS 7.5 | AI score 6.6 | EPSS 0.00481
Exploits: 1 | References: 2

OSV
added 2025/12/22 1:16 a.m. | 3 views

CVE-2025-15004

A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelistmain.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

CVSS 8.8 | AI score 5.7 | EPSS 0.00302
Exploits: 1 | References: 4

EUVD
added 2025/12/22 12:32 a.m. | 5 views

EUVD-2025-204679

A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument KRECAPTCHASITEKEY/KRECAPTCHASECRETKEY results in use of hard-coded cryptographic key. It is possibl...

CVSS 6.3 | AI score 6.1 | EPSS 0.00397
Exploits: 1 | References: 6

Cvelist
added 2025/12/22 12:32 a.m. | 30 views

CVE-2025-15005 CouchCMS reCAPTCHA config.example.php hard-coded key

A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument KRECAPTCHASITEKEY/KRECAPTCHASECRETKEY results in use of hard-coded cryptographic key. It is possibl...

CVSS 6.3 | EPSS 0.00397
Exploits: 1 | References: 5

Vulnrichment
added 2025/12/22 12:32 a.m. | 4 views

CVE-2025-15005 CouchCMS reCAPTCHA config.example.php hard-coded key

A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument KRECAPTCHASITEKEY/KRECAPTCHASECRETKEY results in use of hard-coded cryptographic key. It is possibl...

CVSS 6.3 | AI score 4.2 | EPSS 0.00397
Exploits: 1 | References: 5

RedhatCVE
added 2025/12/22 12:16 a.m. | 10 views

CVE-2025-14989

A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/search-invoices.php. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit is publicly available and...

CVSS 9.8 | AI score 7.1 | EPSS 0.00326
Exploits: 1 | References: 1

Positive Technologies
added 2025/12/22 12:0 a.m. | 7 views

PT-2025-52618

Name of the Vulnerable Software and Affected Versions: CouchCMS versions up to 2.4. Description: A security issue exists in CouchCMS related to the reCAPTCHA Handler component. The issue resides in an unknown function within the couch/config.example.php file. Manipulation of the arguments K RECAPTCH...

CVSS 6.3 | AI score 6 | EPSS 0.00397
Exploits: 1 | References: 12

RedhatCVE
added 2025/12/20 4:4 p.m. | 6 views

CVE-2025-14954

A vulnerability has been found in Open5GS up to 2.7.6. Affected is the function ogspfcppdrfindoradd/ogspfcpfarfindoradd/ogspfcpurrfindoradd/ogspfcpqerfindoradd in the library lib/pfcp/context.c of the component QER/FAR/URR/PDR. The manipulation leads to reachable assertion. It is possible to...

CVSS 6.3 | AI score 4.5 | EPSS 0.00501
Exploits: 1 | References: 1

RedhatCVE
added 2025/12/20 4:17 a.m. | 8 views

CVE-2025-14940

A vulnerability was determined in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /admin/deleteuser.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly...

CVSS 9.8 | AI score 7.1 | EPSS 0.00333
Exploits: 1 | References: 1

RedhatCVE
added 2025/12/19 10:13 p.m. | 5 views

CVE-2025-68381

Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit a Buffer Overflow (CAPEC-100) and reliably crash the application or cause significant resource exhaustion via a single crafted UDP packet with an invalid fragment sequence number...

CVSS 6.5 | AI score 7.1 | EPSS 0.00387
Exploits: 0 | References: 1

EUVD
added 2025/12/19 9:30 p.m. | 4 views

EUVD-2025-204590

A vulnerability was detected in code-projects Simple Blood Donor Management System 1.0. The affected element is an unknown function of the file /editedcampaign.php. The manipulation of the argument campaignname results in sql injection. The attack can be executed remotely. The exploit is now publ...

CVSS 7.5 | AI score 6.6 | EPSS 0.00323
Exploits: 1 | References: 6

Vulnrichment
added 2025/12/19 7:32 p.m. | 4 views

CVE-2025-14966 FastAdmin Backend Controller Backend.php selectpage sql injection

A vulnerability was determined in FastAdmin up to 1.7.0.20250506. Affected is the function selectpage of the file application/common/controller/Backend.php of the component Backend Controller. Executing a manipulation of the argument custom/searchField can lead to sql injection. It is possible to...

CVSS 5.8 | AI score 4.9 | EPSS 0.00314
Exploits: 1 | References: 6

OSV
added 2025/12/19 7:15 p.m. | 2 views

CVE-2025-14964

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument loginAuthUrl leads to stack-based buffer overflow. The attack may be performed from remote...

CVSS 9.3 | AI score 6.4 | EPSS 0.00871
Exploits: 1 | References: 5

NVD
added 2025/12/19 7:15 p.m. | 9 views

CVE-2025-14964

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument loginAuthUrl leads to stack-based buffer overflow. The attack may be performed from remote...

CVSS 10 | EPSS 0.00871
Exploits: 1 | References: 5

Vulnrichment
added 2025/12/19 7:2 p.m. | 2 views

CVE-2025-14964 TOTOLINK T10 cstecgi.cgi sprintf stack-based overflow

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument loginAuthUrl leads to stack-based buffer overflow. The attack may be performed from remote...

CVSS 10 | AI score 9.4 | EPSS 0.00871
Exploits: 1 | References: 5

OSV
added 2025/12/19 6:15 p.m. | 2 views

CVE-2025-14959

A weakness has been identified in code-projects Simple Stock System 1.0. This issue affects some unknown processing of the file /market/signup.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available...

CVSS 9.8 | AI score 5.8 | EPSS 0.00323
Exploits: 1 | References: 5

Vulnrichment
added 2025/12/19 6:2 p.m. | 2 views

CVE-2025-14959 code-projects Simple Stock System signup.php sql injection

A weakness has been identified in code-projects Simple Stock System 1.0. This issue affects some unknown processing of the file /market/signup.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available...

CVSS 7.5 | AI score 7.2 | EPSS 0.00323
Exploits: 1 | References: 5

OSV
added 2025/12/19 5:15 p.m. | 4 views

CVE-2025-14955

A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ogspfcphandlecreatepdr in the library lib/pfcp/handler.c of the component PFCP. The manipulation results in improper initialization. It is possible to launch the attack remotely. This attack is...

CVSS 6.3 | AI score 6.6
Exploits: 0 | References: 8