CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

48 matches found

The Hacker News•added 2026/06/01 11:54 a.m.•29 views

China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan

A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent. According to Seqrite Labs, targets of the campaign include government, research, academic, technology, and financial...

6.1AI score

Exploits0

Tenable Nessus•added 2026/03/28 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2025-59031

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip- style attachments. Attacker can use specially crafted...

4.3CVSS5.8AI score0.00283EPSS

Exploits0References3

NVD•added 2026/03/27 9:16 a.m.•2 views

CVE-2025-59031

Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided...

4.3CVSS0.00283EPSS

Exploits0References1

OSV•added 2026/03/27 9:16 a.m.•0 views

ALPINE-CVE-2025-59031

4.3CVSS5.8AI score0.00283EPSS

Exploits0References1

ATTACKERKB•added 2026/03/27 8:10 a.m.•9 views

CVE-2025-59031

4.3CVSS5.8AI score0.00283EPSS

Exploits0References2

Cvelist•added 2026/03/27 8:10 a.m.•30 views

CVE-2025-59031

4.3CVSS0.00283EPSS

Exploits0References1

AlpineLinux•added 2026/03/27 8:10 a.m.•2 views

CVE-2025-59031

4.3CVSS5.8AI score0.00283EPSS

Exploits0References1

CVE•added 2026/03/27 8:10 a.m.•25 views

CVE-2025-59031

Summary of CVE-2025-59031 (Dovecot) : A script provided by Dovecot for text conversion mishandles zip-style attachments. This can allow an attacker to craft OOXML documents that cause unintended files to be indexed and end up in full-text search (FTS) indexes. The underlying impact is limited to ...

4.3CVSS5.8AI score0.00283EPSS

Exploits0References1Affected Software2

OSV•added 2026/03/27 12:0 a.m.•3 views

UBUNTU-CVE-2025-59031

4.3CVSS5.8AI score0.00283EPSS

Exploits0References3

Cvelist•added 2026/03/04 8:48 a.m.•34 views

CVE-2026-27442 zip_attachments Path Traversal

The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, allowing an attacker to access files on the gateway...

9.3CVSS0.0042EPSS

Exploits0References1

CVE•added 2026/03/04 8:48 a.m.•14 views

CVE-2026-27442

The SEPPmail Secure Email Gateway’s GINA web interface (pre-15.0.1) has a vulnerability where attachment filenames in GINA-encrypted emails are not properly validated, allowing an attacker to access files stored on the gateway. Affected product: SEPPmail Secure Email Gateway, component: GINA web ...

9.3CVSS6AI score0.0042EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/10/16 8:33 a.m.•2 views

CVE-2025-11701

The Zip Attachments plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check as well as missing post status validation in the zacreatezipcallback function in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to...

5.3CVSS5.4AI score0.00261EPSS

Exploits0References1

RedhatCVE•added 2025/10/16 8:33 a.m.•3 views

CVE-2025-11692

The Zip Attachments plugin for WordPress is vulnerable to unauthorized loss of data due to a missing authorization and capability checks on the download.php file in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to delete arbitrary files from the...

5.3CVSS5.6AI score0.00219EPSS

Exploits0References1

NVD•added 2025/10/15 9:15 a.m.•4 views

CVE-2025-11692

5.3CVSS0.00219EPSS

Exploits0References2

NVD•added 2025/10/15 9:15 a.m.•7 views

CVE-2025-11701

5.3CVSS0.00261EPSS

Exploits0References3

CVE•added 2025/10/15 8:26 a.m.•13 views

CVE-2025-11701

CVE-2025-11701 refers to the WordPress plugin Zip Attachments (versions

5.3CVSS5.1AI score0.00261EPSS

Exploits0References3

Cvelist•added 2025/10/15 8:26 a.m.•6 views

CVE-2025-11701 Zip Attachments <= 1.6 - Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment Disclosure

5.3CVSS0.00261EPSS

Exploits0References3

Vulnrichment•added 2025/10/15 8:26 a.m.•2 views

CVE-2025-11701 Zip Attachments <= 1.6 - Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment Disclosure

5.3CVSS5.1AI score0.00261EPSS

Exploits0References3

EUVD•added 2025/10/15 8:26 a.m.•2 views

EUVD-2025-34537

5.3CVSS5AI score0.00261EPSS

Exploits0References4

CVE•added 2025/10/15 8:25 a.m.•15 views

CVE-2025-11692

CVE-2025-11692 affects the Zip Attachments WordPress plugin (versions up to 1.6). The vulnerability is due to missing authorization/capability checks on download.php, enabling unauthenticated attackers to delete arbitrary files in the wp_upload_dir. Connected sources (Wordfence, NVD, CVE records)...

5.3CVSS5.2AI score0.00219EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by