CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-14499

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00468EPSS

Exploits1References3

RedhatCVE•added 2025/05/15 12:10 a.m.•11 views

CVE-2025-28055

upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilit...

7.5CVSS7AI score0.00468EPSS

Exploits1References1

OSV•added 2025/05/13 4:15 p.m.•1 views

CVE-2025-28055

upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilit...

7.5CVSS5.9AI score

Exploits0References2

NVD•added 2025/05/13 4:15 p.m.•11 views

CVE-2025-28055

upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilit...

7.5CVSS0.00468EPSS

Exploits1References2

Vulnrichment•added 2025/05/13 12:0 a.m.•6 views

CVE-2025-28055

upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilit...

7.6AI score0.00468EPSS

Exploits1References2

CVE•added 2025/05/13 12:0 a.m.•34 views

CVE-2025-28055

The CVE-2025-28055 entry concerns upset-gal-web v7.1.0, where the /api/music/v1/cover.ts endpoint is vulnerable to an arbitrary file read. CVSSv3.1 base score 7.5 (HIGH) with network access, no privileges, no user interaction required; impact limited to confidentiality. The root cause details are...

7.5CVSS6.7AI score0.00468EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2025/05/13 12:0 a.m.•2 views

PT-2025-20918 · Unknown · Upset-Gal-Web

Name of the Vulnerable Software and Affected Versions: upset-gal-web version 7.1.0 Description: The issue concerns an arbitrary file read. It affects the /api/music/v1/cover.ts endpoint. Recommendations: For version 7.1.0, consider restricting access to the /api/music/v1/cover.ts endpoint until a...

7.5CVSS6.6AI score0.00468EPSS

Exploits1References5