130 matches found
EUVD-2022-5808
Malicious code in bioql PyPI...
EUVD-2024-1446
Malicious code in bioql PyPI...
EUVD-2022-26056
Malicious code in bioql PyPI...
EUVD-2024-49288
Malicious code in bioql PyPI...
EUVD-2022-37718
Malicious code in bioql PyPI...
Vulnerabilities fixed in Omnissa Workspace ONE UEM
Omnissa has fixed vulnerabilities in Omnissa Workspace ONE UEM. The vulnerabilities are located in the API endpoints of Omnissa Workspace ONE UEM. The first vulnerability allows malicious parties to gain unauthorized access to sensitive information using the Path Traversal technique. This can lea...
Breach Highlights AI and API Vulnerabilities in Software Supply Chains
...
CVE-2025-54134 HAX CMS NodeJs's Improper Error Handling Leads to Denial of Service
HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles...
Cisco Identity Services Engine Multiple Vulnerabilities (cisco-sa-ise-multi-3VpsXOxO)
According to its self-reported version, Cisco ISE is affected by multiple vulnerabilities. - A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is d...
PT-2025-26938 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.2 through 17.11.4 GitLab CE/EE versions 18.0 through 18.0.2 GitLab CE/EE versions 18.1 through 18.1.0 Description: An issue has been discovered that could have allowed authenticated users with Guest role permissions t...
CVE-2025-47933
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve...
CVE-2024-20417
Multiple vulnerabilities in the REST API of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these...
CVE-2024-10325
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2021-43175
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly,...
CVE-2021-26965
A remote authenticated SQL injection vulnerability was discovered in Aruba AirWave Management Platform versions prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacke...
CVE-2019-5630
A Cross-Site Request Forgery CSRF vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request...
CVE-2025-4427 Authentication Bypass
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API...
CVE-2025-4428
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests. Recent assessments: remmons-r7 at May 22, 2025 5:27am UTC reported: On May 13, 2025, Ivanti...
Cisco Catalyst SD-WAN Manager Arbitrary File Creation Vulnerability
A vulnerability in the application data endpoints of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to improper validation of requests to APIs. An attacker could...
CVE-2025-47420 User Permissions on Network API
266 vulnerability in Crestron Automate VX allows Privilege Escalation. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49...