26 matches found

Snyk
added 2026/05/22 9:0 p.m., 9 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...

9.8 CVSS, 6.5 AI score
Exploits: 0, References: 2
RedhatCVE
added 2025/11/25 3:8 p.m., 1 view

CVE-2025-12978

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed acces...

5.4 CVSS, 7.1 AI score, 0.00196 EPSS
Exploits: 0, References: 1
EUVD
added 2025/11/24 3:30 p.m., 1 view

EUVD-2025-198807

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed acces...

5.4 CVSS, 6.6 AI score, 0.00196 EPSS
Exploits: 0, References: 2
The Hacker News
added 2025/11/24 3:3 p.m., 5 views

New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions

Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that could be chained to compromise and take over cloud infrastructures. The security defects "allow attackers to bypass authentication, perform path traversal, achieve...

9.8 CVSS, 8.7 AI score, 0.86343 EPSS
Exploits: 3
Cvelist
added 2025/11/24 2:42 p.m., 4 views

CVE-2025-12978

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed acces...

0.00196 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2006-0806

Malware in sbrugna...

2.6 CVSS, 6.4 AI score, 0.07475 EPSS
Exploits: 1, References: 8
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-53141

Malicious code in bioql PyPI...

6.5 CVSS, 7.8 AI score, 0.00498 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-2703

Malicious code in bioql PyPI...

4.3 CVSS, 5.1 AI score, 0.0062 EPSS
Exploits: 0, References: 5
RedhatCVE
added 2025/05/22 7:35 a.m., 5 views

CVE-2018-13423

admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag...

6.1 CVSS, 6.1 AI score, 0.0024 EPSS
Exploits: 0, References: 1
AlpineLinux
added 2024/06/11 1:15 p.m., 19 views

CVE-2024-5696

By manipulating the text in an input tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...

8.6 CVSS, 6.3 AI score, 0.02069 EPSS
Exploits: 0
UbuntuCve
added 2024/06/11 12:0 a.m., 19 views

CVE-2024-5696

By manipulating the text in an input tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...

8.6 CVSS, 6.9 AI score, 0.02069 EPSS
Exploits: 0, References: 6
CVE
added 2024/02/07 5:17 p.m., 185 views

CVE-2024-24822

Pimcore Admin Classic Bundle (pre-1.3.3) is affected by CVE-2024-24822 due to broken access control in tag management. An attacker can create, delete, and modify tags without proper permissions. A fix is available in version 1.3.3; patch can be applied manually via the referenced PR.

9.1 CVSS, 9 AI score, 0.00003 EPSS
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2023/05/29 12:0 a.m., 4 views

CVE-2023-30253

Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data...

7.5 AI score, 0.89175 EPSS
Exploits: 16, References: 3
CNNVD
added 2022/11/13 12:0 a.m., 1 view

OpenKM Security Vulnerability

OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, file history and file sharing. A security vulnerability exists in OpenKM versions prior to 6.3.11, which originates from an unknown function getFileExtension in the...

5.5 CVSS, 5.7 AI score, 0.00083 EPSS
Exploits: 1, References: 6
CVE
added 2022/09/08 8:20 p.m., 63 views

CVE-2022-36095

CVE-2022-36095: XWiki Platform is vulnerable to a Cross-Site Request Forgery (CSRF) for adding or removing tags on pages. Affected releases are before versions 13.10.5 and 14.3. The issue is fixed in those versions. As a workaround, users can locally modify the template involved (documentTags.v...

4.3 CVSS, 4.5 AI score, 0.00112 EPSS
Exploits: 0, References: 3, Affected Software: 1
BDU FSTEC
added 2021/02/16 12:0 a.m., 1 view

The vulnerability of the qtdemux_tag_add_str_full function (gst/isomp4/qtdemux.c) in the gst-plugins-good plugin for the Gstreamer multimedia framework allows an attacker to trigger a service failure.

The vulnerability of the qtdemux_tag_add_str_full function (gst/isomp4/qtdemux.c) in the gst-plugins-good plugin for the Gstreamer multimedia framework is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause...

7.8 CVSS, 7 AI score, 0.01678 EPSS
Exploits: 0, References: 6, Affected Software: 4
Github Security Blog
added 2021/01/29 6:13 p.m., 33 views

Users can edit the tags of any discussion

This advisory concerns a vulnerability which was patched and publicly released on October 5, 2020. Impact: This vulnerability allowed any registered user to edit the tags of any discussion for which they have READ access using the REST API. Users were able to remove any existing tag, and add any t...

0.9 AI score
Exploits: 0, References: 6, Affected Software: 1
NVD
added 2020/05/06 1:15 p.m., 6 views

CVE-2020-2184

A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL...

4.3 CVSS, 4.5 AI score, 0.0062 EPSS
Exploits: 0, References: 2
CVE
added 2018/07/30 3:0 p.m., 514 views

CVE-2018-10903

The CVE-2018-10903 issue affects python-cryptography versions >=1.9.0 and

7.5 CVSS, 7.2 AI score, 0.00239 EPSS
Exploits: 0, References: 4, Affected Software: 1
Debian CVE
added 2017/10/10 5:0 a.m., 20 views

CVE-2017-15201

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user...

4.3 CVSS, 3.4 AI score, 0.00487 EPSS
Exploits: 0