1495 matches found

OSV
added 2025/04/16 6:31 p.m. · 3 views

GHSA-2689-CW26-6CPJ Whoogle allows attackers to execute arbitrary code via supplying a crafted search query

An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query...

CVSS 9.3 · AI score 7.7 · EPSS 0.00465
Exploits: 1 · References: 5

OSV
added 2025/04/15 3:16 p.m. · 6 views

CVE-2025-27980

cashbook v4.0.3 has an arbitrary file read vulnerability in /api/entry/flow/invoice/show?invoice=...

CVSS 6.5 · AI score 6.9
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/15 12:0 a.m. · 5 views

PT-2025-16303 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A code injection issue has been identified. No further details are available. Recommendations: At the moment, there is no information about a newer version that contains a fix for this issue...

AI score 6.8
Exploits: 0 · References: 3

Citrix
added 2025/04/10 12:0 a.m. · 10 views

Director is not showing correct number of active sessions

Director is not showing correct number of active sessions. Number of active session in Studio console does not match with Director - Filters -Sessions option...

AI score 7.1
Exploits: 0

Patchstack
added 2025/04/09 5:28 p.m. · 4 views

WordPress VKontakte Cross-Post plugin <= 0.3.2 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by johska in WordPress Plugin VKontakte Cross-Post versions <= 0.3.2...

CVSS 7.1 · AI score 7.5 · EPSS 0.00158
Exploits: 0 · Affected Software: 1

OSV
added 2025/04/09 5:5 p.m. · 7 views

GO-2025-3594 MinIO performs incomplete signature validation for unsigned-trailer uploads in github.com/minio/minio

MinIO performs incomplete signature validation for unsigned-trailer uploads in github.com/minio/minio...

CVSS 8.7 · AI score 7.2 · EPSS 0.02193
Exploits: 0 · References: 4

OSV
added 2025/04/09 1:26 p.m. · 3 views

CGA-7QQ2-MJHR-3QGR

Bulletin has no description...

AI score 7.2
Exploits: 0

OSV
added 2025/04/09 12:15 p.m. · 4 views

CVE-2025-29189

Flowise = 2.2.3 is vulnerable to SQL Injection via tableName parameter at PostgresVectorStores...

CVSS 7.6 · AI score 7.3
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/09 12:0 a.m. · 6 views

PT-2025-15885

Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 10.0 Description: The issue arises from the DisableForwarding directive in sshd not following its documentation. Specifically, it does not properly disable X11 and agent forwarding as stated. Recommendations: For...

CVSS 6.8 · AI score 7.6 · EPSS 0.06997
Exploits: 4 · References: 67

Citrix
added 2025/04/07 12:0 a.m. · 10 views

LogonUI.exe process hanging after logoff from multi-session VDA

When utilizing multi-session VDA with the Duo Security agent installed, users may close out the applications in an attempt to log off of the VDA but the LogonUI.exe process will hang. This will result in multiple Terminal Services sessions showing active with the same session number, but no user...

AI score 7
Exploits: 0

OSV
added 2025/04/04 5:57 a.m. · 1 views

BELL-CVE-2025-22001

Bulletin has no description...

CVSS 5.5 · AI score 7.3 · EPSS 0.00155
Exploits: 0 · References: 1

OSV
added 2025/04/04 5:57 a.m. · 1 views

BELL-CVE-2025-31115

Bulletin has no description...

CVSS 8.7 · AI score 7.5 · EPSS 0.00587
Exploits: 0 · References: 1

OSV
added 2025/04/03 9:15 p.m. · 8 views

CVE-2024-47214

An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47212, but involves a different kind of malicious payload. As above, it can render Iglu Server completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would...

CVSS 7.5 · AI score 7
Exploits: 0 · References: 1

Github Security Blog
added 2025/04/03 6:30 p.m. · 10 views

InternLM LMDeploy code injection vulnerability

A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has...

CVSS 7.8 · AI score 7.5 · EPSS 0.00288
Exploits: 1 · References: 7 · Affected Software: 1

OSV
added 2025/04/03 2:15 p.m. · 13 views

BIT-JOOMLA-2023-23752 [20230201] - Core - Improper access check in webservice endpoints

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints...

CVSS 5.3 · AI score 5.5 · EPSS 0.99827
Exploits: 42 · References: 3

OSV
added 2025/04/03 2:13 p.m. · 4 views

BIT-JOOMLA-2021-26033 [20210502] - Core - CSRF in AJAX reordering endpoint

An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint...

CVSS 6.5 · AI score 6.4 · EPSS 0.00604
Exploits: 0 · References: 2

OSV
added 2025/04/03 2:12 p.m. · 6 views

BIT-JOOMLA-2021-23127 [20210301] - Core - Insecure randomness within 2FA secret generation

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret according to RFC 4226 of 10 bytes vs 20 bytes...

CVSS 9.1 · AI score 9.2 · EPSS 0.01567
Exploits: 0 · References: 2

OSV
added 2025/04/03 2:11 p.m. · 5 views

BIT-JOOMLA-2020-35614 [20201105] - Core - User Enumeration in backend login

An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page...

CVSS 5.3 · AI score 5.1 · EPSS 0.01079
Exploits: 0 · References: 2

OSV
added 2025/04/03 2:10 p.m. · 13 views

BIT-JOOMLA-2020-24599

An issue was discovered in Joomla! before 3.9.21. Lack of escaping in modlatestactions allows XSS attacks...

CVSS 6.1 · AI score 6.1 · EPSS 0.01162
Exploits: 0 · References: 2

OSV
added 2025/04/03 2:10 p.m. · 8 views

BIT-JOOMLA-2020-15697

An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users...

CVSS 4.3 · AI score 7.1 · EPSS 0.00998
Exploits: 0 · References: 2