148 matches found

OSV
added 2026/05/28 8:59 a.m., 5 views

OSEC-2026-09 Albatross-console memory exhaustion

Albatross-console doesn't properly terminate when looping over the ringbuffer. This leads to denial of service and memory exhaustion. Scenario: A user that has access to albatross-console either via the unix domain socket (requires root:albatross by default) or via albatross-tls-endpoint (requires a...

7.1 CVSS, 5.9 AI score
Exploits: 0, References: 1
RedhatCVE
added 2026/02/18 1:41 a.m., 4 views

CVE-2025-70829

An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string...

5.7 CVSS, 5.5 AI score, 0.00046 EPSS
Exploits: 1, References: 1
Positive Technologies
added 2025/12/24 12:0 a.m., 2 views

PT-2025-53605

Name of the Vulnerable Software and Affected Versions: n8n versions 1.0.0 through less than 2.0.0. Description: n8n is an open source workflow automation platform. A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide, affecting versions from 1.0.0 up to, but not including,...

9.9 CVSS, 7.8 AI score, 0.00035 EPSS
Exploits: 4, References: 82
OSV
added 2025/12/16 4:15 p.m., 0 views

CVE-2025-65427

An issue was discovered in Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router on firmware version V1.0.0 does not implement rate limiting to /api/login allowing attackers to brute force password enumerations...

6.5 CVSS, 5.8 AI score, 0.00057 EPSS
Exploits: 1, References: 3
NVD
added 2025/12/04 4:16 p.m., 4 views

CVE-2025-57212

Incorrect access control in the component ApiOrderService.java of platform v1.0.0 allows attackers to access sensitive information via a crafted request...

7.5 CVSS, 0.00041 EPSS
Exploits: 0, References: 2
Cvelist
added 2025/12/04 12:0 a.m., 17 views

CVE-2025-57212

Incorrect access control in the component ApiOrderService.java of platform v1.0.0 allows attackers to access sensitive information via a crafted request...

0.00041 EPSS
Exploits: 0, References: 2
CVE
added 2025/12/04 12:0 a.m., 7 views

CVE-2025-57213

CVE-2025-57213 affects platform v1.0.0. The vulnerability arises from incorrect access control in the component orderService.queryObject, enabling an attacker to access sensitive information via a crafted request. Current documents do not specify the affected software family beyond platform v1.0....

7.5 CVSS, 6.1 AI score, 0.00041 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2025/12/04 12:0 a.m., 15 views

CVE-2025-57213

Incorrect access control in the component orderService.queryObject of platform v1.0.0 allows attackers to access sensitive information via a crafted request...

0.00041 EPSS
Exploits: 0, References: 2
CVE
added 2025/11/25 7:28 a.m., 14 views

CVE-2025-12525

CVE-2025-12525 affects the WordPress plugin Locker Content (version 1.0.0 and earlier). The vulnerability arises from the lockerco_submit_post AJAX endpoint, which allows unauthenticated attackers to perform an information disclosure by extracting content from posts protected by the plugin. Accor...

5.3 CVSS, 6 AI score, 0.00046 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2025/09/30 12:0 a.m., 0 views

CVE-2025-56392

An Insecure Direct Object Reference (IDOR) in the /dashboard/notes endpoint of Syaqui Collegetivity v1.0.0 allows attackers to impersonate other users and perform arbitrary operations via a crafted POST request...

6.5 AI score, 0.00044 EPSS
Exploits: 1, References: 2
RedhatCVE
added 2025/05/23 9:55 a.m., 2 views

CVE-2024-28425

greykite v1.0.0 was discovered to contain an arbitrary file upload vulnerability in the loadobj function at /templates/pickleutils.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file...

7.5 CVSS, 7.8 AI score, 0.00101 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 10:43 p.m., 6 views

CVE-2022-34025

Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the post function at /web/api/v1/upload/UploadHandler.php...

6.1 CVSS, 6.2 AI score, 0.0023 EPSS
Exploits: 1, References: 1
CNNVD
added 2025/05/09 12:0 a.m., 1 view

Victure RX1800 security vulnerability

The Victure RX1800 is a wireless router from Victure. A security vulnerability exists in the Victure RX1800 ENV1.0.0r12110933 version that stems from the presence of command injection...

8.8 CVSS, 7 AI score, 0.00436 EPSS
Exploits: 0, References: 2
CVE
added 2025/05/05 12:0 a.m., 47 views

CVE-2025-45609

CVE-2025-45609 affects the Kob project (latest v1.0.0-SNAPSHOT). The root cause is improper access control in the doFilter() function, enabling an attacker to access sensitive information via a crafted payload. The NVD entry lists a CVSSv3.1 base score of 7.5 (HIGH) with Network attack vector, Lo...

7.5 CVSS, 6.1 AI score, 0.00306 EPSS
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2025/05/05 12:0 a.m., 6 views

CVE-2025-45609

Incorrect access control in the doFilter function of kob latest v1.0.0-SNAPSHOT allows attackers to access sensitive information via a crafted payload...

6.4 AI score, 0.00306 EPSS
Exploits: 1, References: 1
Cvelist
added 2025/05/05 12:0 a.m., 8 views

CVE-2025-45609

Incorrect access control in the doFilter function of kob latest v1.0.0-SNAPSHOT allows attackers to access sensitive information via a crafted payload...

0.00306 EPSS
Exploits: 1, References: 1
Cvelist
added 2024/12/04 12:0 a.m., 19 views

CVE-2024-52676

Itsourcecode Online Discussion Forum Project v.1.0.0 is vulnerable to Cross Site Scripting (XSS) via /bccforum/members/home.php...

0.00155 EPSS
Exploits: 1, References: 1
NVD
added 2024/10/28 8:15 p.m., 13 views

CVE-2024-48178

newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter...

8.1 CVSS, 0.00118 EPSS
Exploits: 1, References: 1
Vulnrichment
added 2024/10/28 12:0 a.m., 13 views

CVE-2024-48178

newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter...

6.9 AI score, 0.00118 EPSS
Exploits: 1, References: 1
Cvelist
added 2024/10/28 12:0 a.m., 11 views

CVE-2024-48178

newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter...

0.00118 EPSS
Exploits: 1, References: 1