503 matches found
Pi-hole Reflected XSS in 404-Error Page
Pi-hole Admin Interface = 6.2.1 contains a reflected XSS vulnerability on the 404 error page. The URL path is reflected unsanitized into the class attribute of the body tag, allowing attribute injection via a crafted URL to execute arbitrary JavaScript in victim browsers. id: CVE-2025-53533 info:...
Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017453)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017453 advisory. Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior,...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in log4j-core (CVE-2025-68161)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-68161 of log4j-core-2.17.1.jar. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer...
CVE-2026-21743
A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotecte...
CVE-2025-15437
A vulnerability was found in LigeroSmart up to 6.1.24. This affects an unknown part of the component Environment Variable Handler. Performing a manipulation of the argument REQUESTURI results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could...
PT-2026-1060
Name of the Vulnerable Software and Affected Versions LigeroSmart versions up to 6.1.24 Description A flaw exists in the Environment Variable Handler component of LigeroSmart. Manipulation of the REQUEST URI argument can lead to cross-site scripting. The issue may be exploited remotely. The explo...
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) Security Vulnerability
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition EE and GitLab Community...
Zyxel DX3300-T0 Operating System Command Injection Vulnerability
The Zyxel DX3300-T0 is a small wireless WiFi router from China Hopkins Zyxel. An operating system command injection vulnerability exists in Zyxel DX3300-T0 5.50 ABVY.6.3 C0 and earlier versions, which stems from the presence of post-authentication command injection in the priv parameter, which...
Pi-Hole Adminlte Injection Vulnerability
Pi-Hole Adminlte is a control panel. It is used for statistics... An injection vulnerability exists in Pi-Hole Adminlte versions prior to 6.3 that stems from failure to properly sanitize input when redirecting requests for files with the .lp extension, which could lead to a CRLF injection...
CVE-2025-3449 Weak Session Token used in Automation Runtime SDM
A Generation of Predictable Numbers or Identifiers vulnerability in the SDM component of B&R Automation Runtime versions before 6.4 may allow an unauthenticated network-based attacker to take over already established sessions...
CVE-2025-3450 Automation Runtime SDM requests may impact system
An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based attacker to delete data causing denial of service conditions...
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in spring-core-6.2.3.jar (CVE-2025-41249)
Summary IBM Sterling Connect:Direct Web Services is vulnerable to Annotation detection mechanism may not correctly resolve annotations on methods in spring-core-6.2.3. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The...
EUVD-2000-0791
Malware in sbrugna...
EUVD-2017-1800
Malware in sbrugna...
EUVD-2018-14946
Malware in sbrugna...
EUVD-2018-14829
Malware in sbrugna...
EUVD-2000-0790
Malware in sbrugna...
EUVD-2020-6857
Malware in sbrugna...
EUVD-2018-6659
Malware in sbrugna...