
10 matches found

Snyk
added 2026/05/27 10:34 p.m., 5 views

Incorrect Authorization

Overview: pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to Incorrect Authorization through inconsistent authorization checks between the report listing and detail retrieval endpoints. An attacker can access sensitiv...

7.1 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/05/27 12:35 a.m., 6 views

SQL Injection

Overview: pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to SQL Injection in the columnConfigAction process. An attacker can access and manipulate sensitive database information, as well as modify or delete data, by...

8.7 CVSS, 5.9 AI score
Exploits 0, References 2
Snyk
added 2026/03/27 2:24 p.m., 0 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the sqlExpressions feature. An attacker can execute unauthorized commands on the system by chaining SQL Expressions with plugin functionality. Remediation: Upgrade github.com/grafana/grafana/pkg/expr/sql to version...

9.1 CVSS, 6 AI score, 0.00186 EPSS
Exploits 0, References 2
NVD
added 2026/03/25 3:16 p.m., 1 views

CVE-2026-33268

Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. Fixed in 12.3.6...

6.9 CVSS, 0.00096 EPSS
Exploits 0, References 3
ATTACKERKB
added 2026/03/25 2:21 p.m., 2 views

CVE-2026-33268

Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. Fixed in 12.3.6...

6.9 CVSS, 5.8 AI score, 0.00096 EPSS
Exploits 0, References 3, Affected Software 1
Positive Technologies
added 2026/03/25 12:0 a.m., 2 views

PT-2026-27782

Name of the Vulnerable Software and Affected Versions: Nanoleaf Lines versions 12.3.2 through 12.3.5. Description: Nanoleaf Lines does not properly authenticate firmware file uploads. This allows a remote, unauthenticated attacker to upload firmware files to the device, potentially consuming storage...

6.9 CVSS, 5.8 AI score, 0.00096 EPSS
Exploits 0, References 6
ICS
added 2026/03/25 12:0 a.m., 3 views

Nanoleaf Lines unauthenticated firmware file store

RISK EVALUATION: Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. 2. RECOMMENDED PRACTICES: Update to 12.3.6. 3. DESCRIPTION: Nanoleaf Lines 12.3.2 does not authenticate...

6.9 CVSS, 5.9 AI score, 0.00096 EPSS
Exploits 0, References 1
OSV
added 2024/11/04 5:15 a.m., 9 views

CVE-2024-10761

A vulnerability was found in Umbraco CMS up to 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. It is...

6.9 CVSS, 4.2 AI score
Exploits 0, References 5
Prion
added 2020/01/05 10:15 p.m., 14 views

Design/Logic Flaw

GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits...

5 CVSS, 7.5 AI score, 0.00255 EPSS
Exploits 0, References 3, Affected Software 1
OSV
added 2020/01/03 4:15 p.m., 14 views

CVE-2019-19311

GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields...

5.4 CVSS, 5.8 AI score
Exploits 0, References 3