57 matches found

NVD
added 2026/05/08 5:16 a.m., 6 views

CVE-2023-42343

A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type...

CVSS 6.1, EPSS 0.00194
Exploits 0, References 1
OPENSUSE Linux
added 2026/04/24 12:0 a.m., 2 views

frr-10.5.1-3.1 on GA media (moderate)

frr-10.5.1-3.1 on GA media Announcement ID: openSUSE-SU-2026:10606-1 Rating: moderate Cross-References: CVE-2026-5107 CVSS scores: CVE-2026-5107 SUSE : 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2026-5107 SUSE : 2.3...

CVSS 4.2, AI score 4.7, EPSS 0.00016
Exploits 0
OSV
added 2026/04/23 12:0 a.m., 1 views

OPENSUSE-SU-2026:10606-1 frr-10.5.1-3.1 on GA media

These are all security issues fixed in the frr-10.5.1-3.1 package on the GA media of openSUSE Tumbleweed...

CVSS 4.2, AI score 4.7, EPSS 0.00016
Exploits 0, References 1
Patchstack
added 2026/03/31 10:55 a.m., 1 views

WordPress WooPayments plugin <= 10.5.1 - Missing Authorization to Unauthenticated Plugin Settings Update via save_upe_appearance_ajax vulnerability

Missing Authorization to Unauthenticated Plugin Settings Update via save_upe_appearance_ajax vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WooCommerce Payments versions <= 10.5.1...

CVSS 6.5, AI score 5.9, EPSS 0.00083
Exploits 0, References 1, Affected Software 1
NVD
added 2026/03/31 5:16 a.m., 1 views

CVE-2026-1710

The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_upe_appearance_ajax' function in all versions up to, and including, 10.5.1. This makes it possible for unauthenticated attackers to...

CVSS 6.5, EPSS 0.00083
Exploits 0, References 4
Debian CVE
added 2026/03/30 5:0 a.m., 2 views

CVE-2026-5107

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function processtype2route of the file bgpd/bgpevpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to ha...

CVSS 4.2, AI score 4.2, EPSS 0.00016
Exploits 0
EUVD
added 2026/03/25 6:31 p.m., 0 views

EUVD-2026-15483

Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation. This issue affects HYPR Server: from 10.5.1 before 10.7...

CVSS 8.8, AI score 5.8, EPSS 0.00018
Exploits 0, References 2
NVD
added 2026/03/25 5:16 p.m., 0 views

CVE-2026-1712

Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation. This issue affects HYPR Server: from 10.5.1 before 10.7...

CVSS 8.8, EPSS 0.00018
Exploits 0, References 1
Vulnrichment
added 2026/03/25 4:56 p.m., 1 views

CVE-2026-1712

Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation. This issue affects HYPR Server: from 10.5.1 before 10.7...

CVSS 8.8, AI score 5.8, EPSS 0.00018
Exploits 0, References 1
Cvelist
added 2026/03/25 4:56 p.m., 21 views

CVE-2026-1712

Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation. This issue affects HYPR Server: from 10.5.1 before 10.7...

CVSS 8.8, EPSS 0.00018
Exploits 0, References 1
CVE
added 2026/03/25 4:56 p.m., 5 views

CVE-2026-1712

CVE-2026-1712 describes an incorrect privilege assignment in HYPR Server that enables privilege escalation. The issue affects HYPR Server versions starting at 10.5.1 and prior to 10.7, i.e., 10.5.1 through 10.6.x. The root cause is a faulty privilege allocation mechanism, leading to elevation of ...

CVSS 8.8, AI score 5.8, EPSS 0.00018
Exploits 0, References 1
Positive Technologies
added 2026/03/25 12:0 a.m., 1 views

PT-2026-28065

Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation. This issue affects HYPR Server: from 10.5.1 before 10.7...

CVSS 8.8, AI score 5.8, EPSS 0.00018
Exploits 0, References 2
RedhatCVE
added 2026/01/09 12:40 p.m., 6 views

CVE-2023-43177

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...

CVSS 9.8, AI score 6.8, EPSS 0.76055
Exploits 7, References 1
SUSE CVE
added 2025/04/24 3:24 a.m., 1 views

SUSE CVE-2025-24839

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to prevent Wrangler posts from triggering AI responses. This vulnerability allows users without access to the AI bot to activate it by attaching the activateai override property to a post via the Wrangler plugin, provided...

CVSS 4.3, AI score 4, EPSS 0.00169
Exploits 0, References 3
SUSE CVE
added 2025/04/24 3:24 a.m., 0 views

SUSE CVE-2025-32093

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to restrict certain operations on system admins to only other system admins, which allows delegated granular administration users with the "Edit Other Users" permission to perform unauthorized modifications to system...

CVSS 4.9, AI score 6.9, EPSS 0.00117
Exploits 0, References 3
Patchstack
added 2024/08/30 12:0 a.m., 7 views

WordPress Booking Calendar Plugin <= 10.5 is vulnerable to Cross Site Scripting (XSS)

Software: Booking Calendar; Type: Plugin; Vulnerable versions: <= 10.5; Fixed in: 10.5.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8274; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: f7f6184bfbdf; Credits: David Gallagher...

CVSS 6.1, AI score 5.7, EPSS 0.03266
Exploits 0, References 3, Affected Software 1
CNNVD
added 2024/08/20 12:0 a.m., 1 views

Keyfactor Command security vulnerability

Keyfactor Command is a PKI and machine identity automation application from Keyfactor. A security vulnerability exists in Keyfactor Command versions prior to 10.5.1 and prior to 11.5.1, which stems from susceptibility to SQL injection attacks that could lead to code execution and elevation of...

CVSS 9.8, AI score 8.3, EPSS 0.00197
Exploits 0, References 2
VulnCheck KEV
added 2024/03/21 12:0 a.m., 0 views

VulnCheck KEV: CVE-2023-43177

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...

CVSS 9.8, AI score 7.4, EPSS 0.76055
Exploits 7, References 1
OSV
added 2023/11/18 12:15 a.m., 0 views

CVE-2023-43177

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...

CVSS 9.8, AI score 5.8, EPSS 0.76055
Exploits 7, References 2
ATTACKERKB
added 2023/11/18 12:15 a.m., 66 views

CVE-2023-43177

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...

CVSS 9.8, AI score 7.4, EPSS 0.76055
In wild, Exploits 7, References 5