Search

Expected end of text, found '.' (at char 40), (line:1, col:41)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (326086 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-67290 1 Dotnetfoundation 1 Piranha Cms 2026-01-02 6.1 Medium
A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field.
CVE-2025-67291 1 Dotnetfoundation 1 Piranha Cms 2026-01-02 6.1 Medium
A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field.
CVE-2025-67418 2 Clipbucket, Oxygenz 2 Clipbucket, Clipbucket 2026-01-02 9.8 Critical
ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default credentials, resulting in full administrative control of the application.
CVE-2025-69277 2026-01-02 4.5 Medium
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.
CVE-2025-67160 2026-01-02 N/A
An issue in Vatilon v1.12.37-20240124 allows attackers to access sensitive directories and files via a directory traversal.
CVE-2025-67159 2026-01-02 N/A
Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext.
CVE-2025-67158 2026-01-02 N/A
An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint of Revotech I6032W-FHW v1.0.0014 - 20210517 allows attackers to access sensitive information and escalate privileges via a crafted HTTP request.
CVE-2025-35002 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-35001 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-35000 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34999 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34998 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34997 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34996 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34995 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34994 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34993 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34992 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34991 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34990 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.