
396972 matches found

GithubExploit
added 3 hours ago, 17 views

Exploit for CVE-2026-10520

CVE-2026-10520 — Ivanti Sentry Mass Scanner Detection scanner...

10 CVSS, 5.5 AI score
Exploits: 1

GithubExploit
added 4 hours ago, 14 views

The-Full-Attack-Chain

⚔️ The Full Attack Chain — Capstone Red Team Engagement Int...

10 CVSS, 7.9 AI score, 0.94282 EPSS
Exploits: 27

GithubExploit
added 4 hours ago, 13 views

Exploit for CVE-2026-48962

Summary An eval injection vulnerability in File::GlobMappe...

7.3 CVSS, 6.4 AI score, 0.00081 EPSS
Exploits: 1

IBM Security Bulletins
added 4 hours ago, 2 views

Security Bulletin: IBM Cloud Pak for Data System 1.0 is affected by multiple vulnerabilities

Summary IBM Cloud Pak for Data System 1.0 CPDS 1.0 includes multiple third-party components that are affected by various security vulnerabilities. These vulnerabilities include integer overflow issues in GLib leading to heap corruption and denial of service, a write-what-where condition in the...

9.8 CVSS, 7.4 AI score, 0.26337 EPSS
Exploits: 30, Affected Software: 1

GithubExploit
added 4 hours ago, 13 views

Exploit for Uncontrolled Resource Consumption in Solarwinds Serv-U

CVE-2026-28318 — SolarWinds Serv-U "Content-Encoding: deflate"...

7.5 CVSS, 6.5 AI score, 0.06678 EPSS
Exploits: 1

Nuclei
added 6 hours ago, 24 views

Zhiyuan OA Platform - Arbitrary File Upload

An arbitrary file upload vulnerability exists in the Zhiyuan OA platform 5.0, 5.1 - 5.6sp1, 6.0 - 6.1sp2, 7.0, 7.0sp1 - 7.1, 7.1sp1, and 8.0 - 8.0sp2 via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing...

10 CVSS, 6.4 AI score, 0.09679 EPSS
Exploits: 3, References: 2

Nuclei
added 6 hours ago, 100 views

Jms Blog - SQL Injection

The module Jms Blog jmsblog from Joommasters contains a Time Based SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joommasters PrestaShop themes id: CVE-2023-27034 info: name: Jms Blog - SQL Injection author: MaStErChO severity: critical...

9.8 CVSS, 7.9 AI score, 0.90497 EPSS
Exploits: 0, References: 5

Nuclei
added 6 hours ago, 16 views

Oracle E-Business Suite - Server-Side Request Forgery

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: Runtime UI. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. id:...

7.5 CVSS, 7.5 AI score, 0.51081 EPSS
Exploits: 6, References: 5

Nuclei
added 6 hours ago, 6 views

DataEase < 2.10.10 - JWT Authentication Bypass

DataEase 2.10.10 contains a broken authentication caused by ineffective secret verification, letting users forge JWT tokens, exploit requires no special privileges. id: CVE-2025-49001 info: name: DataEase 2.10.10 - JWT Authentication Bypass author: YunSeoJo,aryu-ru severity: critical description:...

9.8 CVSS, 5.4 AI score, 0.07369 EPSS
Exploits: 0, References: 3

Nuclei
added 6 hours ago, 10 views

Apache Tomcat Tribes EncryptInterceptor Bypass - Remote Code Execution

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. id: CVE-2026-34486 info: name: Apache Tomcat Tribes EncryptInterceptor Bypass - Remote...

7.5 CVSS, 7.4 AI score, 0.12919 EPSS
Exploits: 5, References: 3

Nuclei
added 6 hours ago, 10 views

Avid NEXIS Agent - Arbitrary File Read

Avid NEXIS E-series, F-series, PRO+, and System Director Appliance SDA+ before 2025.5.1 contain an unauthenticated arbitrary file read caused by improper validation of the filename parameter, letting unauthenticated attackers read sensitive files, exploit requires no authentication. id:...

8.7 CVSS, 7.9 AI score, 0.01204 EPSS
Exploits: 0, References: 3

Nuclei
added 6 hours ago, 54 views

Oracle E-Business Suite - Blind SSRF

Oracle E-Business Suite, Application Management Pack component User Monitoring subcomponent, is susceptible to blind server-side request forgery. An attacker with network access via HTTP can gain read access to a subset of data, connect to internal services like HTTP-enabled databases, or perform...

5.3 CVSS, 6.2 AI score, 0.68033 EPSS
Exploits: 0, References: 5

Nuclei
added 6 hours ago, 24 views

bloofoxCMS v0.5.2.1 - SQL Injection

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit. id: CVE-2023-34752 info: name: bloofoxCMS v0.5.2.1 - SQL Injection author: theamanrawat severity: critical description: | bloofox v0.5.2.1 was...

9.8 CVSS, 7.9 AI score, 0.30198 EPSS
Exploits: 1, References: 5

Nuclei
added 6 hours ago, 34 views

WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection

The WordPress WP-Advanced-Search plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

9.8 CVSS, 5.7 AI score, 0.8312 EPSS
Exploits: 4, References: 3

Nuclei
added 6 hours ago, 17 views

Güralp MAN-EAM-0003 3.2.4 - XML External Entity (XXE)

cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity XXE issue via XML file upload, which leads to local file disclosure. id: CVE-2022-38840 info: name: Güralp MAN-EAM-0003 3.2.4 - XML External Entity XXE author: daffainfo severity: high description: |...

7.5 CVSS, 7.1 AI score, 0.60091 EPSS
Exploits: 4, References: 2

Nuclei
added 6 hours ago, 16 views

Canon Devices - Authentication Bypass in Catwalk Server

Certain Canon devices manufactured in 2012 through 2020 such as imageRUNNER ADVANCE iR-ADV C5250, when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. For...

7.5 CVSS, 7.2 AI score, 0.08903 EPSS
Exploits: 1, References: 3

Nuclei
added 6 hours ago, 16 views

SysAid On-Prem <= 23.3.40 - XML External Entity

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity XXE vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives. id: CVE-2025-2777 info: name: SysAid On-Prem <= 23.3.40 - XML External Entity...

9.8 CVSS, 8.1 AI score, 0.23107 EPSS
Exploits: 1, References: 2

Nuclei
added 6 hours ago, 46 views

Microweber <1.2.11 - Stored Cross-Site Scripting

Microweber before 1.2.1 contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Autorespond E-mail Settings, and Payment Methods. id: CVE-2022-0954 info: name: Microweber 1.2.11 - Stored Cross-Site Scripting author: amit-jd severity: medium description: | Microwebe...

6.8 CVSS, 6.1 AI score, 0.04258 EPSS
Exploits: 1, References: 5

Nuclei
added 6 hours ago, 21 views

Ametys CMS Information Disclosure

Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml and similar pathnames for other languages via the auto-completion plugin, which contain all characters typed by all users, including the content of...

5.3 CVSS, 6 AI score, 0.87164 EPSS
Exploits: 2, References: 5

Nuclei
added 6 hours ago, 19 views

qdPM 9.1 - Cross-site Scripting

qdPM 9.1 suffers from Cross-site Scripting XSS in the searchkeywords parameter. id: CVE-2019-8390 info: name: qdPM 9.1 - Cross-site Scripting author: theamanrawat severity: medium description: | qdPM 9.1 suffers from Cross-site Scripting XSS in the searchkeywords parameter. impact: | Successful...

6.1 CVSS, 6.3 AI score, 0.01939 EPSS
Exploits: 5, References: 5