
40 matches found

OSV
added 2026/03/16 2:19 p.m. · 0 views

CVE-2026-4169

A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_export_users of the file admin/code/tce_xml_users.php of the component XML Export. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. There are stil...

CVSS 2.4 · AI score 4.7
Exploits: 0 · References: 4

Cvelist
added 2026/03/15 6:2 a.m. · 34 views

CVE-2026-4169 Tecnick TCExam XML Export tce_xml_users.php F_xml_export_users cross site scripting

A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_export_users of the file admin/code/tce_xml_users.php of the component XML Export. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. There are stil...

CVSS 4.8 · EPSS 0.00038
Exploits: 0 · References: 4

CVE
added 2026/03/15 6:2 a.m. · 6 views

CVE-2026-4169

The CVE-2026-4169 entry describes a cross-site scripting vulnerability in Tecnick TCExam up to version 16.6.0, specifically in the XML Export component: the function F_xml_export_users inside admin/code/tce_xml_users.php. Exploitation requires manipulating input and is noted as remotely explorabl...

CVSS 4.8 · AI score 4.3 · EPSS 0.00038
Exploits: 0 · References: 4

Vulnrichment
added 2026/03/15 6:2 a.m. · 1 views

CVE-2026-4169 Tecnick TCExam XML Export tce_xml_users.php F_xml_export_users cross site scripting

A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_export_users of the file admin/code/tce_xml_users.php of the component XML Export. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. There are stil...

CVSS 4.8 · AI score 4.3 · EPSS 0.00038
Exploits: 0 · References: 4

ATTACKERKB
added 2026/03/15 6:2 a.m. · 1 views

CVE-2026-4169

A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_export_users of the file admin/code/tce_xml_users.php of the component XML Export. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. There are stil...

CVSS 4.8 · AI score 4.3 · EPSS 0.00038
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2026/03/15 12:0 a.m. · 3 views

PT-2026-25542

A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_export_users of the file admin/code/tce_xml_users.php of the component XML Export. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. There are...

CVSS 4.8 · AI score 4.3 · EPSS 0.00038
Exploits: 0 · References: 8

Vulnrichment
added 2026/02/21 6:38 a.m. · 1 views

CVE-2026-27471 ERP: Document access through endpoints due to missing validation

ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized document access. This issue has been fixed in versions 15.98.1 and 16.6.1...

CVSS 9.3 · AI score 5.2 · EPSS 0.00047
Exploits: 0 · References: 2

ATTACKERKB
added 2026/02/21 6:38 a.m. · 4 views

CVE-2026-27471

ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized document access. This issue has been fixed in versions 15.98.1 and 16.6.1...

CVSS 9.3 · AI score 5.4 · EPSS 0.00047
Exploits: 0 · References: 3 · Affected Software: 1

Vulnrichment
added 2026/01/10 1:6 a.m. · 1 views

CVE-2026-22601 OpenProject is Vulnerable to Code Execution in E-Mail function

OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1 and below, a registered administrator can execute arbitrary command by configuring sendmail binary path and sending a test email. This issue has been patched in version 16.6.2...

CVSS 8.6 · AI score 7.1 · EPSS 0.00108
Exploits: 0 · References: 2

Cvelist
added 2026/01/10 1:6 a.m. · 23 views

CVE-2026-22601 OpenProject is Vulnerable to Code Execution in E-Mail function

OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1 and below, a registered administrator can execute arbitrary command by configuring sendmail binary path and sending a test email. This issue has been patched in version 16.6.2...

CVSS 8.6 · EPSS 0.00108
Exploits: 0 · References: 2

RedhatCVE
added 2026/01/09 12:31 p.m. · 5 views

CVE-2023-4658

An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the Allowed to merge permission as a guest user, when granted t...

CVSS 3.1 · AI score 6.4 · EPSS 0.00055
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-57555

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.00108
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-5226

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 befo...

CVSS 7.5 · AI score 7.2 · EPSS 0.00108
Exploits: 0 · References: 2

Tenable Nessus
added 2024/05/06 12:0 a.m. · 26 views

GitLab 16.4.3 < 16.4.4 / 16.5.3 < 16.5.4 / 16.6.1 < 16.6.2 (CVE-2023-6564)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, the...

CVSS 6.5 · AI score 6.5 · EPSS 0.00026
Exploits: 0 · References: 3

OSV
added 2024/03/06 10:58 a.m. · 22 views

BIT-GITLAB-2023-4658 Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the Allowed to merge permission as a guest user, when granted t...

CVSS 3.1 · AI score 3.6 · EPSS 0.00055
Exploits: 0 · References: 3

CNNVD
added 2024/02/08 12:0 a.m. · 2 views

GitLab Enterprise Edition Security Vulnerability

GitLab Enterprise Edition EE is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition Premium, Ultimate 16.4.3, 16.5.3, and 16.6.1 versions, which stems from a project that uses subgroups to define who can push or merge in...

CVSS 6.5 · AI score 6.7 · EPSS 0.00026
Exploits: 0 · References: 1

Positive Technologies
added 2023/12/17 12:0 a.m. · 2 views

PT-2023-26773 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.0 through 16.4.3; GitLab EE versions 16.5 through 16.5.3; GitLab EE versions 16.6 through 16.6.1. Description: A privilege escalation issue in GitLab EE allows a project Maintainer to use a Project Access Token to escalate...

CVSS 8.8 · AI score 7.1 · EPSS 0.00026
Exploits: 0 · References: 11

Tenable Nessus
added 2023/12/07 12:0 a.m. · 17 views

GitLab 10.5 < 16.4.3 / 16.5 < 16.5.3 / 16.6 < 16.6.1 (CVE-2023-4912)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was...

CVSS 6.5 · AI score 6.4 · EPSS 0.0006
Exploits: 0 · References: 4

NVD
added 2023/12/01 7:15 a.m. · 12 views

CVE-2023-3949

An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public projects' release descriptions via an atom endpoint...

CVSS 5.3 · EPSS 0.00108
Exploits: 0 · References: 2

Prion
added 2023/12/01 7:15 a.m. · 11 views

Design/Logic Flaw

An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the Allowed to merge permission as a guest user, when granted t...

CVSS 2.1 · AI score 6.6 · EPSS 0.00055
Exploits: 0 · References: 2 · Affected Software: 1