114 matches found
MINI-2435-QG94-MHRX
Bulletin has no description...
CVE-2026-2435
Tanium addressed a SQL injection vulnerability in Asset...
CVE-2026-2435
Tanium addressed a SQL injection vulnerability in Asset...
CVE-2026-2435
Tanium addressed a SQL injection vulnerability in Asset...
CVE-2026-2435 ASSET-7706
Tanium addressed a SQL injection vulnerability in Asset...
CVE-2026-2435
Technical details (affected product/version, root cause, payload, fixes) are not publicly provided in the supplied documents. Monitor for updates from Tanium for CVE-2026-2435.
CVE-2026-2435 ASSET-7706
Tanium addressed a SQL injection vulnerability in Asset...
EUVD-2026-2435
Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter...
CVE-2024-2435
For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...
CVE-2021-2435
Vulnerability in the Essbase Analytic Provider Services product of Oracle Essbase component: JAPI. The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Analytic Provider Services...
CVE-2012-2435
Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha parameter to module.php, as demonstrated by cross-site request forgery (CSRF) attacks...
CVE-2024-2435
For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...
CVE-2024-2435 vulnerabilities
Vulnerabilities for packages: temporal-fips, temporal...
CVE-2024-2435
This CVE affects Temporal UI Server (github.com/temporalio/ui-server). The vulnerability is an XSS in the timeline page that displays workflow execution details, triggered when an attacker sends a signal to a workflow with a crafted signal name. The root cause is insufficient sanitization of the ...
CVE-2024-2435 Stored XSS in Timeline View
For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...
glibc security update
2.28-225.0.4.6 - CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaaa mode. - CVE-2023-4806: potential use-after-free in getaddrinfo. - CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2435). - CVE-2023-4813: work around RHEL-8 limitation in test (RHEL-2435). Reviewed by: Jose E...
CVE-2023-2435
CVE-2023-2435 affects the Blog-in-Blog WordPress plugin, with Local File Inclusion via a shortcode attribute in versions up to 1.1.1. The issue allows editor-level+ attackers to include and execute arbitrary PHP files on the server, potentially bypassing access controls and leading to code execut...
CVE-2023-2435 Blog-in-Blog <= 2.0.0 - Authenticated (Editor+) Local File Inclusion via Shortcode
The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.0 via a shortcode attribute. This allows editor-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files...
WordPress Blog-in-Blog Plugin <= 1.1.1 is vulnerable to Local File Inclusion
Software: Blog-in-Blog; Type: Plugin; Vulnerable versions: <= 1.1.1; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2023-2435; Patch priority: Medium; CVSS severity: Medium 6; PSID: d20c4a81f261; Credits: Lana Codes; Required privilege: Editor; Publish...
K17386005: MySQL vulnerabilities CVE-2019-2420, CVE-2019-2434, CVE-2019-2435, CVE-2019-2436, and CVE-2019-2455
Security Advisory Description CVE-2019-2420 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network...