
33 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 3 views

Astra Linux - vulnerability in imagemagick

Stack-based buffer overflow and unconditional jump in ReadXPMImage in coder/xpm.c in ImageMagick 7.0.10-7...

7.8 CVSS · 7.3 AI score · 0.00381 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2026/02/19 12:0 a.m. · 2 views

PT-2026-20660

Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection. This issue affects Grand Restaurant: from n/a through = 7.0.10...

5.5 AI score · 0.00061 EPSS
Exploits: 0 · References: 1

vulnersOsv
added 2025/12/01 8:44 p.m. · 5 views

@bgord/bun (>=1.0.2 <=1.2.4), @devix-tecnologia/utils-ts (=1.0.0) +38 more potentially affected by CVE-2025-14874 via nodemailer (=7.0.10)

nodemailer NPM version =7.0.10 is affected by a known vulnerability. The following packages have a transitive dependency on nodemailer and may be impacted: - @bgord/bun =1.0.2, =32.0.0, =4.0.1, =4.9.5, =8.0.1, =8.0.2, =11.3.0, =5.8.38, =1.9.0, =2.1.6, =1.8.0, =0.3.2, =2.17.15 and more Source cves...

7.5 CVSS · 7 AI score · 0.00219 EPSS
Exploits: 1

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2018-8212

Malware in sbrugna...

8.8 CVSS · 8.8 AI score · 0.00138 EPSS
Exploits: 1 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-17254

Malicious code in bioql PyPI...

7.6 CVSS · 7.6 AI score · 0.00213 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/21 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-22018

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.46 and Prior t...

8.1 CVSS · 7.2 AI score · 0.00845 EPSS
Exploits: 0 · References: 2

NVD
added 2025/06/06 1:15 p.m. · 2 views

CVE-2025-49315

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows SQL Injection. This issue affects Persian Woocommerce SMS: from n/a through = 7.0.10...

7.6 CVSS · 0.00213 EPSS
Exploits: 0 · References: 1

Cvelist
added 2025/06/06 12:53 p.m. · 10 views

CVE-2025-49315 WordPress Persian Woocommerce SMS plugin <= 7.0.10 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows SQL Injection. This issue affects Persian Woocommerce SMS: from n/a through = 7.0.10...

7.6 CVSS · 0.00213 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 8:25 a.m. · 5 views

CVE-2024-47614

async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10...

7.5 CVSS · 6.7 AI score · 0.00325 EPSS
Exploits: 0 · References: 1

OSV
added 2025/01/14 2:15 p.m. · 1 views

CVE-2024-23106

An improper restriction of excessive authentication attempts CWE-307 in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests...

9.8 CVSS · 5.8 AI score
Exploits: 0 · References: 1

Positive Technologies
added 2024/11/12 12:0 a.m. · 2 views

PT-2024-8517 · Fortinet · Forticlient

Name of the Vulnerable Software and Affected Versions: FortiClient MacOS versions 7.4.0, 7.2.4 and below, 7.0.10 and below, 6.4.10 and below Description: The issue is related to an improper verification of cryptographic signature, which may allow a local authenticated attacker to swap the install...

7.5 CVSS · 6.6 AI score · 0.00034 EPSS
Exploits: 0 · References: 5

NVD
added 2024/11/06 9:15 p.m. · 10 views

CVE-2024-50341

symfony/security-bundle is a module for the Symfony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom userchecker defined on a firewall is not called when Login Programmatically with the Security::login method, leading to...

3.1 CVSS · 0.00145 EPSS
Exploits: 0 · References: 2

OSV
added 2024/08/22 7:42 p.m. · 21 views

BIT-VALKEY-2023-28425 Specially crafted MSETNX command can lead to denial-of-service

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...

5.5 CVSS · 5.5 AI score · 0.45293 EPSS
Exploits: 0 · References: 5

OSV
added 2024/08/22 7:24 p.m. · 15 views

BIT-KEYDB-2023-28425 Specially crafted MSETNX command can lead to denial-of-service

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...

5.5 CVSS · 5.5 AI score · 0.45293 EPSS
Exploits: 0 · References: 5

Packet Storm
added 2024/04/23 12:0 a.m. · 466 views

FortiNet FortiClient EMS 7.2.2 / 7.0.10 SQL Injection / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FortiNet FortiClient Endpoint Management Server FCTID SQLi to RCE', 'Description' = %q An SQLi injection vulnerability exists in FortiNet...

9.8 CVSS · 9.9 AI score · 0.94078 EPSS
Exploits: 4

OSV
added 2024/03/06 11:4 a.m. · 23 views

BIT-REDIS-2023-28425 Specially crafted MSETNX command can lead to denial-of-service

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...

5.5 CVSS · 5.5 AI score · 0.45293 EPSS
Exploits: 0 · References: 5

OSV
added 2023/05/18 8:15 p.m. · 0 views

PYSEC-2023-73

redis-7.0.10 was discovered to contain a segmentation violation...

5.9 AI score
Exploits: 0 · References: 1

Positive Technologies
added 2023/05/18 12:0 a.m. · 1 views

PT-2023-36083 · Redis · Redis

Name of the Vulnerable Software and Affected Versions: redis version 7.0.10 Description: A segmentation violation was discovered in the software. Recommendations: For redis version 7.0.10, at the moment, there is no information about a newer version that contains a fix for this issue...

7 AI score
Exploits: 0 · References: 2

Positive Technologies
added 2023/05/18 12:0 a.m. · 1 views

PT-2023-23406

Name of the Vulnerable Software and Affected Versions: redis version 7.0.10 Description: The issue allows attackers to cause a Denial of Service DoS via unspecified vectors. It is related to a segmentation violation. Recommendations: For redis version 7.0.10, at the moment, there is no informatio...

9.8 CVSS · 7.5 AI score · 0.88997 EPSS
Exploits: 10 · References: 68

CNNVD
added 2023/05/18 12:0 a.m. · 2 views

Redis security vulnerability

Redis Labs Redis is an open source, ANSI C, web-enabled, memory-based, persistent logging, key-value storage database from Redis Labs, Inc. that provides APIs in multiple languages. A security vulnerability exists in Redis version 7.0.10 that stems from a segmentation violation...

7.5 CVSS · 6.8 AI score · 0.00905 EPSS
Exploits: 1 · References: 3