CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

901 matches found

CNNVD•added 2026/03/16 12:0 a.m.•2 views

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Vulnerabilities existed in versions 4.0.0-RC1 to 4.17.5, as well as in versions 5.0.0-RC1 to 5.9.11 of Craft CMS. These vulnerabilities were caused by behavior injection remote code execution vulnerabilities in the...

8.6CVSS6.5AI score0.00048EPSS

Exploits0References4

Cvelist•added 2026/02/09 7:55 p.m.•23 views

CVE-2026-25498 Craft has a potential authenticated Remote Code Execution via malicious attached Behavior

Craft is a platform for creating digital experiences. In versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, a Remote Code Execution RCE vulnerability exists in Craft CMS where the assembleLayoutFromPost function in src/services/Fields.php fails to sanitize user-supplied configuratio...

8.6CVSS0.00315EPSS

Exploits1References3

Tenable Nessus•added 2026/01/16 12:0 a.m.•2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004086)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004086 advisory. The flowdissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto...

5.3CVSS6.7AI score0.00678EPSS

Exploits0References8

RedhatCVE•added 2026/01/09 11:21 a.m.•5 views

CVE-2021-22000

VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vulnerability due to insecure loading of DLLs. A malicious actor with non-administrative privileges may exploit this vulnerability to elevate privileges to administrator level on the Windows operating system having VMware ThinApp...

7.8CVSS6.8AI score0.00148EPSS

Exploits2References1

RedhatCVE•added 2026/01/07 9:43 a.m.•7 views

CVE-1999-0034

Buffer overflow in suidperl sperl, Perl 4.x and 5.x...

7.2CVSS7.3AI score0.00348EPSS

Exploits0References1

OSV•added 2025/10/22 3:15 p.m.•1 views

CVE-2025-11966

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path...

6.4CVSS5.1AI score

Exploits0References1