CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1684 matches found

SUSE CVE-2026-48827

Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applications are affected if th...

6.5CVSS5.8AI score0.00095EPSS

Exploits0References3

NVD•added 3 days ago•9 views

CVE-2026-48827

7.1CVSS0.00095EPSS

Exploits0References2

CVE•added 3 days ago•11 views

CVE-2026-48827

This CVE (CVE-2026-48827) affects Apache MINA SSHD when used as the sshd-git bundle. The vulnerability is a path traversal caused by missing path validation in git-upload-pack, git-receive-pack, and other git operations, allowing SSH-authenticated users to access repositories outside the configur...

7.1CVSS5.8AI score0.00095EPSS

Exploits0References2Affected Software1

Cvelist•added 3 days ago•27 views

CVE-2026-48827 Apache MINA SSHD: Path traversal in org.apache.sshd:sshd-git

7.1CVSS0.00095EPSS

Exploits0References1

Debian CVE•added 3 days ago•7 views

CVE-2026-48827

7.1CVSS5.8AI score0.00095EPSS

Exploits0

ATTACKERKB•added 3 days ago•3 views

CVE-2026-48827

7.1CVSS5.8AI score0.00095EPSS

Exploits0References2Affected Software1

EUVD•added 3 days ago•8 views

EUVD-2026-33606

7.1CVSS5.8AI score0.00095EPSS

Exploits0References1

Positive Technologies•added 3 days ago•5 views

PT-2026-45380

Name of the Vulnerable Software and Affected Versions Apache MINA SSHD versions prior to 2.18.0 Apache MINA SSHD versions 3.0.0-M1 through 3.0.0-M3 Description A path traversal issue exists in the org.apache.sshd:sshd-git bundle. Due to a lack of path validation in git-upload-pack,...

7.1CVSS5.8AI score0.00095EPSS

Exploits0References4

Tenable Nessus•added 5 days ago•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-44837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint...

7.5CVSS5.8AI score0.00015EPSS

Exploits1References2

Nuclei•added last week•133 views

strapi CMS <3.0.0-beta.17.5 - Admin Password Reset

strapi CMS before 3.0.0-beta.17.5 allows admin password resets because it mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js. id: CVE-2019-18818 info: name: strapi CMS 3.0.0-beta.17.5 - Admin Password Reset...

9.8CVSS7.3AI score0.94045EPSS

Exploits13References5

OSV•added 2026/05/26 9:16 p.m.•2 views

DEBIAN-CVE-2026-44837

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

7.5CVSS5.8AI score0.00015EPSS

Exploits1References1

Patchstack•added 2026/05/26 5:43 a.m.•4 views

WordPress Brikk theme <= 3.0.0 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by Denver Jackson in WordPress Theme Brikk versions = 3.0.0...

5.8AI score

Exploits0Affected Software1

CNNVD•added 2026/05/26 12:0 a.m.•5 views

view_component 安全漏洞

viewcomponent is an open-source framework developed by ViewComponent, designed for building reusable and testable view components. There are security vulnerabilities in the viewcomponent version 3.0.0 to 4.9.0. These vulnerabilities arise from the system’s testing entry point using File.realpath ...

5.9CVSS5.8AI score0.00015EPSS

Exploits1References2

NVD•added 2026/05/25 9:16 p.m.•10 views

CVE-2026-48589

Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module...

5.4CVSS0.00086EPSS

Exploits0References2

OSV•added 2026/05/25 9:16 p.m.•7 views

UBUNTU-CVE-2026-48589

5.4CVSS5.8AI score0.00086EPSS

Exploits0References5

OSV•added 2026/05/25 9:16 p.m.•2 views

UBUNTU-CVE-2026-44598

With valid login credentials, URL Redirection to Untrusted Site 'Open Redirect', Server-Side Request Forgery SSRF vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module. Users are recommended t...

5.4CVSS5.9AI score0.00119EPSS

Exploits0References5

UbuntuCve•added 2026/05/25 9:16 p.m.•3 views

CVE-2026-43827

Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected versions, when a session already...

6.5CVSS5.8AI score0.00067EPSS

Exploits0References4

EUVD•added 2026/05/25 8:20 p.m.•6 views

EUVD-2026-31738

5.8AI score0.00086EPSS

Exploits0References1

Debian CVE•added 2026/05/25 8:20 p.m.•5 views

CVE-2026-48589

5.4CVSS5.8AI score0.00086EPSS

Exploits0

CVE•added 2026/05/25 8:19 p.m.•12 views

CVE-2026-43827

CVE-2026-43827 affects Apache Shiro. In affected versions (1.0–2.1.0 and 3.0.0-alpha-1), an existing session is not invalidated nor a new session with a new ID issued after login, enabling session fixation. Upgraded fixes are available in 2.1.1 and 3.0.0-alpha-2 or later; apply the patch to mitig...

6.5CVSS5.8AI score0.00067EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by