CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

93 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Security. The supported versions affected by this vulnerability are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9,...

4.7CVSS6.8AI score0.00047EPSS

Exploits0References2

OSV•added 2026/05/06 2:44 p.m.•0 views

BIT-JAVA-2024-21131

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0....

3.7CVSS6.8AI score0.00442EPSS

Exploits0References4

EUVD•added 2026/04/07 6:52 p.m.•0 views

EUVD-2026-19861

Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe allows unrestricted Doctype access via API exploit...

6.9CVSS5.9AI score0.00045EPSS

Exploits0References1

Cvelist•added 2026/04/07 6:52 p.m.•12 views

CVE-2026-39351 Frappe allows unrestricted Doctype access via API exploit

Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe allows unrestricted Doctype access via API exploit...

6.9CVSS0.00045EPSS

Exploits0References1

CVE•added 2026/04/07 6:52 p.m.•5 views

CVE-2026-39351

CVE-2026-39351 affects Frappe prior to versions 16.14.0 and 15.104.0, where unrestricted Doctype access via the API is possible. The root cause is not elaborated in the provided documents beyond the unrestricted Doctype access vector. Potential impact includes unauthorized access to Doctype data ...

9.1CVSS5.9AI score0.00045EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/01/09 11:22 a.m.•4 views

CVE-2021-22202

An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API...

4.3CVSS6.5AI score0.00156EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:13 a.m.•3 views

CVE-2016-10843

cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API SEC-76...

8.1CVSS7.5AI score0.00926EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:9 a.m.•12 views

CVE-2019-11185

The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjunction with a whitelisted file...

9.8CVSS7.2AI score0.10117EPSS

Exploits2References1

RedhatCVE•added 2026/01/07 9:9 a.m.•7 views

CVE-2024-2771

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes ...

9.8CVSS6.9AI score0.21837EPSS

Exploits1References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-11134

Malware in sbrugna...

9.1CVSS9AI score0.6379EPSS

Exploits2References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-23961

Malware in sbrugna...

5.4CVSS5.5AI score0.00185EPSS

Exploits1References3