CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

859 matches found

RedhatCVE•added 2025/10/23 3:13 p.m.•4 views

CVE-2025-62526

OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, ubusd contains a heap buffer overflow in the event registration parsing code. This allows an attacker to modify the head and potentially execute arbitrary code in the context of the ubus daemon. The...

7.9CVSS8AI score0.00243EPSS

Exploits0References1

Vulnrichment•added 2025/10/22 12:28 p.m.•2 views

CVE-2025-11411 Possible domain hijacking via promiscuous records in the authority section

NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are...

7.1CVSS6AI score0.00311EPSS

Exploits0References1

Cvelist•added 2025/10/20 7:57 p.m.•16 views

CVE-2025-62522 vite allows server.fs.deny bypass via backslash on Windows

Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by server.fs.deny were sent if the URL ended...

6CVSS0.01031EPSS

Exploits0References2

OSV•added 2025/10/10 10:15 p.m.•3 views

DEBIAN-CVE-2025-61912

python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, ldap.dn.escapednchars escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to...

5.3CVSS5.6AI score0.00418EPSS

Exploits1References1

Vulnrichment•added 2025/10/09 8:57 p.m.•3 views

CVE-2025-61783 Python Social Auth - Django has unsafe account association

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associatebyemail pipeline was not included. This could lead to account compromise when a third-party authentication service doe...

6.3CVSS6.5AI score0.00521EPSS

Exploits0References6

Positive Technologies•added 2025/10/09 12:0 a.m.•4 views

PT-2025-41449

Name of the Vulnerable Software and Affected Versions pyLoad versions prior to 0.5.0b3.dev91 Description pyLoad is a free and open-source download manager written in Python. Versions prior to 0.5.0b3.dev91 have insufficient input validation in the web interface, specifically in the Captcha script...

8.1CVSS6.9AI score0.00379EPSS

Exploits0References8