CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. By sending a specially crafted curl request with the 'multiusermode' parameter set to false, an attacker can deactivate 'Multi-User Mode'. This acti...

7.2CVSS7AI score0.00778EPSS

Exploits1References1

NVD•added 2025/04/15 10:15 p.m.•5 views

CVE-2025-27561

Unauthenticated attackers can rename "rooms" of arbitrary users...

6.9CVSS0.00238EPSS

Exploits0References1

Vulnrichment•added 2022/08/24 7:43 p.m.•3 views

CVE-2018-14520

An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages...

5.3AI score0.0056EPSS

Exploits1References2

Cvelist•added 2022/03/07 8:16 a.m.•27 views

CVE-2022-0442 UsersWP < 1.2.3.1 - Subscriber+ User Avatar Override

The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar...

4.9AI score0.00644EPSS

Exploits2References1

NVD•added 2003/12/31 5:0 a.m.•21 views

CVE-2003-1167

misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program...

7.2CVSS6.2AI score0.01005EPSS

Exploits1References5

Cvelist•added 1976/01/01 12:0 a.m.•12 views

CVE-2017-1063

...

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by