38 matches found
EUVD-2007-3090
Malware in sbrugna...
EUVD-1999-0864
Malware in sbrugna...
EUVD-2017-3758
Malware in sbrugna...
EUVD-2021-23355
Malware in sbrugna...
EUVD-2021-26539
Malware in sbrugna...
EUVD-2017-1606
Malware in sbrugna...
EUVD-1999-0476
Malware in sbrugna...
EUVD-2000-1133
Malware in sbrugna...
EUVD-2013-7024
Malware in sbrugna...
EUVD-2020-3940
Malware in sbrugna...
EUVD-2008-3158
Malware in sbrugna...
EUVD-2007-1060
Malware in sbrugna...
EUVD-2023-48191
Malicious code in bioql PyPI...
CVE-2024-52517
Nextcloud Server is a self-hosted personal cloud system. After storing "Global credentials" on the server, the API returns them and adds them into the frontend again, allowing them to be read in plain text when an attacker already has access to an active session of a user. It is recommended that the...
CVE-2024-29027
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulatio...
CVE-2024-25723
ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/usernameorid/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched...
CVE-2020-1099
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1100, CVE-2020-1101, CVE-2020-1106...
CVE-2019-5476
An SQL Injection in the Nextcloud Lookup-Server v0.3.0 running on https://lookup.nextcloud.com caused unauthenticated users to be able to execute arbitrary SQL commands...
CVE-2025-4894
A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function genrsakeys of the file common/crypto.py. The manipulation leads to inadequate encryption strength. The attack can be initiated...
CVE-2025-47269 code-server session cookie can be extracted by having user visit specially crafted proxy URL
code-server runs VS Code on any machine anywhere through browser access. Prior to version 4.99.4, a maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Failure to properly validate the port for a proxy request can result in proxying to a...