9 matches found
CVE-2026-11161
CVE-2026-11161 affects Google Chrome due to an inappropriate implementation in DataTransfer. A crafted HTML page can leak cross-origin data, as described for Chrome versions prior to 149.0.7827.53. The described impact is a cross-origin data leak with Medium severity. The fix is to update to Chro...
CVE-2025-40830
CVE-2025-40830 affects Siemens SINEC Security Monitor before version 4.10.0. The issue is missing authorization checks for the file_transfer feature in ssmctl-client, enabling an authenticated, low-priv local attacker to read or write arbitrary files on the server or sensor. Mitigation: upgrade t...
EUVD-2025-33567
Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...
EUVD-2025-31757
Malicious code in bioql PyPI...
CVE-2025-10278
A flaw has been found in YunaiV ruoyi-vue-pro up to 2025.09. An unknown function of the file /crm/contact/transfer is affected. Manipulation of the argument ids/newOwnerUserId causes improper authorization. The attack can be carried out remotely. The exploit has been published and...
Important: soci-snapshotter
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
PT-2024-38555 · WordPress · Terawallet – For Woocommerce
Name of the Vulnerable Software and Affected Versions: Wallet for WooCommerce plugin for WordPress versions up to, and including, 1.5.6
Description: The issue arises from a numerical logic flaw when transferring funds to another user, allowing authenticated attackers with Subscriber-level access...
CVE-2018-10468
The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving value are incorrect, as exploited in the wild...
DEBIAN-CVE-2017-10912
Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217...