10 matches found
CVE-2026-33249
A flaw was found in NATS-Server. A valid client can exploit this flaw by manipulating message tracing headers to redirect trace messages to any valid subject, even those for which the client lacks publish permissions. This allows for unauthorized sending of trace messages, potentially bypassing...
CVE-2025-68140
EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message...
CVE-2025-68140 EVerest allows null session ID to bypass session ID verification
EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message...
CVE-2025-12080
On Wear OS devices, when Google Messages is configured as the default SMS/MMS/RCS application, the handling of ACTION_SENDTO intents utilizing the sms:, smsto:, mms:, and mmsto: Uniform Resource Identifier (URI) schemes is incorrectly implemented. Due to this misconfiguration, an attacker capable of...
PT-2025-43907
Name of the Vulnerable Software and Affected Versions: Google Messages for Wear OS (affected versions not specified) Description: A flaw exists in Google Messages for Wear OS where the handling of ACTION_SENDTO intents using sms:, smsto:, mms:, and mmsto: Uniform Resource Identifier (URI) schemes is...
EUVD-2004-2617
Malware in sbrugna...
CVE-2025-47948
Cocotais Bot (QQ bot framework) has a command-echo vulnerability. In versions 1.5.0-test2-hotfix through 1.6.1, an unauthenticated user can abuse /echo to trigger privileged behavior by injecting platform tags, causing the bot to mention all chat members and bypassing permissions. The issue stem...
ERPNext security vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. A security vulnerability exists in ERPNext versions v11.0.0-beta through v13.0.2, which stems from a lack of authorization in the chat room functionality, and can be exploited by an attacker to send a...
PT-2022-15815 · Erpnext · Erpnext
Name of the Vulnerable Software and Affected Versions: ERPNext versions v11.0.0-beta through v13.0.2 Description: The issue concerns missing authorization in the chat rooms functionality. A low-privileged attacker can send direct or group messages to any member or group, impersonating themselves ...
Mail.ru: [com.icq.mobile.client] Any third-party application can send an arbitrary message on behalf of the user
ICQ for Android could be tricked by a malicious local application into sending a message on behalf of the user...