CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

72 matches found

ICS•added 2026/06/01 7:57 p.m.•9 views

DeepAI.org CSRF

RISK EVALUATION The DeepAI.org endpoint https://api.deepai.org/changeuseremail accepts POST requests without any CSRF protection. If a logged-in user is tricked into visiting a malicious HTML page, an attacker can change the user's email address to their own and take over the account via...

5CVSS5.8AI score0.00107EPSS

Exploits0References1

IBM Security Bulletins•added 2026/05/11 6:26 p.m.•18 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Missing Authorization and Other Issues (CVE-2026-34766 + 13 more)

Summary There are vulnerabilities in electron-37.8.0.tgz used in MongoDB Enterprised Advanced for IBM, involving 14 CVEs. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-34766 DESCRIPTION: Electron is a framework for writing cross-platform desktop applications using...

8.8CVSS6AI score0.00286EPSS

Exploits0Affected Software1

NVD•added 2026/03/06 10:16 p.m.•6 views

CVE-2026-25679

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

7.5CVSS0.0052EPSS

Exploits0References4

Vulnrichment•added 2026/03/05 5:54 a.m.•4 views

CVE-2026-28100 WordPress UberSlider PerpetuumMobile plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup UberSlider PerpetuumMobile uberSliderperpetuummobile allows Reflected XSS.This issue affects UberSlider PerpetuumMobile: from n/a through = 2.3...

5.9AI score0.0018EPSS

Exploits0References1

OSV•added 2026/01/20 9:26 p.m.•5 views

PSF-2026-6

User-controlled header names and values containing newlines can allow injecting HTTP headers...

5.9CVSS5.4AI score0.00463EPSS

Exploits0References15

CNVD•added 2025/11/18 12:0 a.m.•3 views

Student Information System editprofile.php File Cross-Site Scripting Vulnerability

Student Information System is a student information system. A cross-site scripting vulnerability exists in the Student Information System, which originates from an unspecified function in the /editprofile.php file that improperly handles user input. An attacker can exploit this vulnerability by...

5.4CVSS4.3AI score0.00219EPSS

Exploits1References1

Cvelist•added 2025/10/22 2:32 p.m.•11 views

CVE-2025-52735 WordPress NextMove Lite plugin <= 2.24.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Reflected XSS.This issue affects NextMove Lite: from n/a through = 2.24.0...

7.1CVSS0.00283EPSS

Exploits0References1