Lucene search

9472 matches found

Cvelist
added 2025/10/16 5:00 p.m., 6 views

CVE-2025-61789 Icinga DB Web hidden/protected custom variables are prone to filter enumeration

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables to guess values...

CVSS 5.3, EPSS 0.00035
Exploits 0, References 2
CNNVD
added 2025/10/16 12:00 a.m., 6 views

Icinga DB Web security vulnerability

Icinga DB Web is an Icinga open source graphical interface to the Icinga DB database. A security vulnerability exists in Icinga DB Web versions prior to 1.1.4 and prior to 1.2.3, which originates from an authorized user being able to guess the value of a protected or hidden variable via a custom...

CVSS 6.5, AI score 6.3, EPSS 0.00035
Exploits 0, References 2
OSV
added 2025/10/15 5:56 p.m., 2 views

GHSA-RFH5-C9H5-Q8JM reflex-dev/reflex has an Open Redirect vulnerability

Mitigation: Make sure GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN is not set in a production environment. So the following is correct: assert os.getenv("GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN") is None. Vulnerability Description: Vulnerability Overview: When the GET /auth-codespace page loads in a GitHub...

CVSS 3.1, AI score 7.3, EPSS 0.00059
Exploits 0, References 6
EUVD
added 2025/10/15 3:30 p.m., 4 views

EUVD-2025-34631

When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.2, AI score 6.3, EPSS 0.00087
Exploits 0, References 2
Vulnrichment
added 2025/10/15 1:55 p.m., 2 views

CVE-2025-58096 BIG-IP TMM vulnerability

When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.2, AI score 6.4, EPSS 0.00087
Exploits 0, References 1
OSV
added 2025/10/09 3:26 p.m., 1 view

GHSA-365G-VJW2-GRX8 n8n: Execute Command Node Allows Authenticated Users to Run Arbitrary Commands on Host

Impact: The Execute Command node in n8n allows execution of arbitrary commands on the host system where n8n runs. While this functionality is intended for advanced automation and can be useful in certain workflows, it poses a security risk if all users with access to the n8n instance are not fully...

CVSS 8.8, AI score 6.2
Exploits 0, References 2
Snyk
added 2025/10/09 3:26 p.m., 2 views

Command Injection

Overview: n8n is a n8n Workflow Automation Tool. Affected versions of this package are vulnerable to Command Injection via the Execute Command node. An attacker can execute arbitrary commands on the host system by leveraging access to an authenticated user account, potentially leading to data...

CVSS 8.8, AI score 8
Exploits 0, References 2
Snyk
added 2025/10/09 3:26 p.m., 1 view

Command Injection

Overview: n8n-nodes-base is a Base nodes of n8n. Affected versions of this package are vulnerable to Command Injection via the Execute Command node. An attacker can execute arbitrary commands on the host system by leveraging access to an authenticated user account, potentially leading to data...

CVSS 8.8, AI score 7.9
Exploits 0, References 2
Github Security Blog
added 2025/10/08 11:32 p.m., 6 views

Keycloak Potential Variable Reference in Model Storage Services

A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are...

CVSS 4.9, AI score 6.9, EPSS 0.00038
Exploits 0, References 12, Affected Software 1
EUVD
added 2025/10/08 12:32 a.m., 4 views

EUVD-2025-31861

A vulnerability was detected in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/editorderdetails.php. The manipulation of the argument orderid results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...

CVSS 7.5, AI score 7.3, EPSS 0.00043
Exploits 1, References 7
Tenable Nessus
added 2025/10/08 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-11226

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacke...

CVSS 5.9, AI score 8.6, EPSS 0.00062
Exploits 0, References 2
RedhatCVE
added 2025/10/07 5:35 p.m., 1 view

CVE-2025-10547

An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption...

CVSS 8.8, AI score 6.9, EPSS 0.00066
Exploits 0, References 1
RedhatCVE
added 2025/10/07 4:27 p.m., 3 views

CVE-2025-59159

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. In versions prior to 1.13.4, the web user interface for SillyTavern is susceptible to DNS rebinding, allowing...

CVSS 9.6, AI score 6.4, EPSS 0.00009
Exploits 0, References 1
Debian CVE
added 2025/10/07 3:19 p.m., 2 views

CVE-2023-53624

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_fq: fix integer overflow of "credit". If sch_fq is configured with "initial quantum" having values greater than INT_MAX, the first assignment of "credit" does signed integer overflow to a very negative value. In this...

CVSS 5.5, AI score 5.3, EPSS 0.00017
Exploits 0
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2007-0969

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.00458
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-17333

Malware in sbrugna...

CVSS 8.8, AI score 8.7, EPSS 0.00337
Exploits 1, References 3
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-6165

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.03742
Exploits 1, References 2
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2005-3735

Malware in sbrugna...

CVSS 2.6, AI score 6.3, EPSS 0.05487
Exploits 1, References 10
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2014-8731

Malware in sbrugna...

CVSS 7.2, AI score 6.1, EPSS 0.0056
Exploits 3, References 11
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2006-3792

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.00392
Exploits 0, References 5