CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

53635 matches found

Relevanssi <= 4.24.4 (Free) - Unauthenticated SQL Injection

The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 Free and = 2.27.4 Premium due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5CVSS7.3AI score0.02536EPSS

Exploits2References5

Nuclei•added 16 hours ago•62 views

Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover

The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to chan...

9.8CVSS7.7AI score0.16826EPSS

Exploits3References4

Nuclei•added 16 hours ago•47 views

eyoucms v.1.6.5 - Cross-Site Scripting

Cross Site Scripting XSS vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. id: CVE-2024-22927 info: name: eyoucms v.1.6.5 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross Site Scripting XSS...

6.1CVSS6.7AI score0.01028EPSS

Exploits1References2

Nuclei•added 16 hours ago•18 views

Mage AI - Insecure Default Authentication Setup

A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects an unknown part. The manipulation leads to insecure default initialization of resource. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability i...

6.3CVSS4.8AI score0.01045EPSS

Exploits1References5

Nuclei•added 16 hours ago•935 views

Roundcube Webmail - Remote Code Execution

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. id: CVE-2025-49113 info: name: Roundcube Webmail - Remote...

9.9CVSS8AI score0.89462EPSS

Exploits29References8

OSV•added yesterday•6 views

ROOT-OS-UBUNTU-2404-CVE-2025-39826 CVE-2025-39826 in rootio-linux - Patched by Root

Root has patched CVE-2025-39826 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

7CVSS5.4AI score0.00132EPSS

Exploits0

OSV•added yesterday•6 views

ROOT-OS-UBUNTU-2404-CVE-2025-38500 CVE-2025-38500 in rootio-linux - Patched by Root

Root has patched CVE-2025-38500 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

7.8CVSS8.1AI score0.0014EPSS

Exploits0

OSV•added yesterday•5 views

ROOT-OS-UBUNTU-2404-CVE-2025-23148 CVE-2025-23148 in rootio-linux - Patched by Root

Root has patched CVE-2025-23148 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

5.5CVSS7.2AI score0.00169EPSS

Exploits0

OSV•added yesterday•6 views

ROOT-OS-UBUNTU-2204-CVE-2025-38345 CVE-2025-38345 in rootio-linux - Patched by Root

Root has patched CVE-2025-38345 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

5.5CVSS7.2AI score0.00163EPSS

Exploits0

OSV•added yesterday•9 views

ROOT-OS-DEBIAN-13-CVE-2026-31516 CVE-2026-31516 in rootio-linux - Patched by Root

Root has patched CVE-2026-31516 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

7CVSS5.2AI score0.00099EPSS

Exploits0

SUSE CVE•added 2 days ago•9 views

SUSE CVE-2026-48619

unknown...

5.8AI score

Exploits0References3

AstraLinux•added 4 days ago•3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus – Track the decryption status in vmbusgpadl. In CoCo VMs, it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail, resulting in an error and the shared memory being...

8.1CVSS5.8AI score0.00915EPSS

Exploits0References2

IBM Security Bulletins•added 5 days ago•51 views

Security Bulletin: OpenSSH client bug (CVE-2016-0777 and CVE-2016-0778)

Question Security Bulletin: OpenSSH client bug CVE-2016-0777 and CVE-2016-0778 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All...

8.1CVSS7.3AI score0.63468EPSS

Exploits3Affected Software1

OSV•added 5 days ago•8 views

ROOT-OS-DEBIAN-12-CVE-2026-23038 CVE-2026-23038 in rootio-linux - Patched by Root

Root has patched CVE-2026-23038 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

5.5CVSS5.4AI score0.00222EPSS

Exploits0

OSV•added 5 days ago•11 views

ROOT-OS-DEBIAN-11-CVE-2022-49167 CVE-2022-49167 in rootio-linux - Patched by Root

Root has patched CVE-2022-49167 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

5.5CVSS5.4AI score0.00237EPSS

Exploits0

NVD•added 6 days ago•8 views

CVE-2026-48979

PHP Standard Library PSL is set of APIs covering async, collections, networking, I/O, cryptography, terminal UI, etc. In versions 6.1.0, 6.1.1 and 6.2.0, the Psl\H2\ServerConnection does not validate that the total bytes received in DATA frames match the content-length header declared in the...

7.5CVSS0.00267EPSS

Exploits0References3