CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

58 matches found

EUVD•added 2026/01/09 6:43 a.m.•7 views

EUVD-2026-1694

Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an...

10CVSS6.6AI score0.90694EPSS

Exploits7References9

NVD•added 2025/11/10 8:15 a.m.•2 views

CVE-2025-41731

A vulnerability was identified in the password generation algorithm when accessing the debug-interface. An unauthenticated local attacker with knowledge of the password generation timeframe might be able to brute force the password in a timely manner and thus gain root access to the device if the...

7.4CVSS0.00028EPSS

Exploits0References1

Cvelist•added 2025/08/27 12:0 a.m.•6 views

CVE-2025-54598

The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI...

0.00047EPSS

Exploits1References3

Github Security Blog•added 2025/04/10 3:31 a.m.•48 views

yiisoft/yii2 Mishandles the Attaching of Behavior Defined by a `__class` Array Key

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...

9.8CVSS7.1AI score0.77265EPSS

Exploits1References9Affected Software1

NVD•added 2025/03/19 9:15 a.m.•5 views

CVE-2024-12137

Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking. This issue affects ANKA JPD-00028: before V.01.01...

7.6CVSS0.00016EPSS

Exploits0References2

Circl•added 2024/11/18 2:20 p.m.•5 views

CVE-2024-0012

creationtimestamp| type| source ---|---|--- 2024-11-18 14:20:00+00:00| seen| https://security.paloaltonetworks.com/CVE-2024-0012 2024-11-18 14:29:11+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113504429682120533 2024-11-18 14:42:18+00:00| seen|...

9.8CVSS8.3AI score0.94285EPSS

In wildExploits15References101

Cvelist•added 2024/06/21 6:0 a.m.•18 views

CVE-2024-4382 CB (legacy) <= 0.9.4.18 - Code/Timeframe/Booking Deletion via CSRF

The CB legacy WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks...

0.00152EPSS

Exploits2References1

wpexploit•added 2024/05/31 12:0 a.m.•114 views

CB (legacy) <= 0.9.4.18 - Code/Timeframe/Booking Deletion via CSRF

Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks Codes:...

6.7AI score0.00152EPSS

Exploits2

Openbugbounty•added 2024/04/19 12:34 a.m.•14 views

liveatdeerrunapts.com Cross Site Scripting vulnerability OBB-3918834

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score

Exploits0

Openbugbounty•added 2024/04/10 11:32 a.m.•12 views

timednews.com Cross Site Scripting vulnerability OBB-3913887

6.2AI score

Exploits0

Openbugbounty•added 2024/04/03 9:5 a.m.•7 views

dcsbdc.org Cross Site Scripting vulnerability OBB-3897481

6.2AI score

Exploits0

Openbugbounty•added 2024/03/22 2:56 p.m.•8 views

halifax.boldtypetickets.com Cross Site Scripting vulnerability OBB-3884140