
86 matches found

Positive Technologies
added 2026/04/24 12:0 a.m., 1 views

PT-2026-35026

BridgeHead FileStore versions prior to 24A released in early 2024 expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00281
Exploits: 0, References: 6
Cvelist
added 2026/04/20 6:54 a.m., 25 views

CVE-2026-6644 A command injection vulnerability was found in the PPTP VPN Clients on the ADM

A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary code on the underlying operating system. This occurs due to insufficient validation of user-supplied...

CVSS: 9.4, EPSS: 0.00352
Exploits: 1, References: 1
Positive Technologies
added 2026/04/20 12:0 a.m., 0 views

PT-2026-33722

A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf and passing user-controlled data directly to printf. Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to...

CVSS: 8.6, AI score: 6.5, EPSS: 0.00154
Exploits: 1, References: 2
Positive Technologies
added 2026/04/20 12:0 a.m., 2 views

PT-2026-33723

Name of the Vulnerable Software and Affected Versions:
ADM versions 4.1.0 through 4.3.3.RR42
ADM versions 5.0.0 through 5.1.2.REO1
Description: A command injection issue exists in the PPTP VPN Clients of ASUSTOR ADM. This flaw allows an administrative user to bypass the restricted web environment a...

CVSS: 9.4, AI score: 6.2, EPSS: 0.00352
Exploits: 1, References: 16
CNNVD
added 2026/02/25 12:0 a.m., 4 views

itsourcecode College Management System SQL injection vulnerability

itsourcecode College Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode College Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter teacherid in the file...

CVSS: 9.8, AI score: 7.2, EPSS: 0.00039
Exploits: 1, References: 5
ATTACKERKB
added 2026/02/03 2:19 a.m., 2 views

CVE-2026-24932

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, improperly validated TLS/SSL certificates allow a remote attacker to intercept the communication and perform a Man-in-the-Middle (MitM) attack, whi...

CVSS: 8.9, AI score: 5.5, EPSS: 0.00013
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2026/01/05 10:6 a.m., 2 views

CVE-2025-5965 RCE via the backup feature available only to user with high privilege

In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Centreon Infra Monitoring Backup configuration in the administration setup...

CVSS: 7.2, AI score: 6.8, EPSS: 0.00212
Exploits: 0, References: 4
Positive Technologies
added 2026/01/05 12:0 a.m., 4 views

PT-2026-1258

Name of the Vulnerable Software and Affected Versions:
Centreon Infra Monitoring versions 25.10.0 through 25.10.1
Centreon Infra Monitoring versions 24.10.0 through 24.10.14
Centreon Infra Monitoring versions 24.04.0 through 24.04.18
Description: A flaw exists in the backup parameters of Centreon...

CVSS: 7.2, AI score: 6.9, EPSS: 0.00212
Exploits: 0, References: 8
Cvelist
added 2025/12/12 2:30 a.m., 20 views

CVE-2025-13052 An improper certificates validation vulnerability was found in the Notification settings of ADM

When the user sets the Notification's sender to send emails to the SMTP server via msmtp, improperly validated TLS/SSL certificates allow an attacker who can intercept network traffic between the SMTP client and server to execute a man-in-the-middle (MITM) attack, which may obtain the sensitive...

CVSS: 7, EPSS: 0.00019
Exploits: 0, References: 1
RedhatCVE
added 2025/12/08 5:11 p.m., 1 views

CVE-2025-14199

A flaw has been found in Verysync 微力同步 up to 2.21.3. This impacts an unknown function of the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false of the component Web Administration Module. Executing manipulation can lead to unrestricted upload. The attack may be performed from...

CVSS: 9.8, AI score: 6.1, EPSS: 0.00053
Exploits: 1, References: 1
RedhatCVE
added 2025/12/08 4:14 p.m., 6 views

CVE-2025-14197

A security vulnerability has been detected in Verysync 微力同步 up to 2.21.3. The impacted element is an unknown function of the file /rest/f/api/resources/f96956469e7be39d of the component Web Administration Module. Such manipulation leads to information disclosure. The attack can be executed...

CVSS: 6.9, AI score: 5.2, EPSS: 0.0004
Exploits: 0, References: 1
EUVD
added 2025/12/07 6:31 p.m., 2 views

EUVD-2025-201606

A security vulnerability has been detected in Verysync 微力同步 up to 2.21.3. The impacted element is an unknown function of the file /rest/f/api/resources/f96956469e7be39d of the component Web Administration Module. Such manipulation leads to information disclosure. The attack can be executed...

CVSS: 6.9, AI score: 5.8, EPSS: 0.0004
Exploits: 0, References: 7
EUVD
added 2025/12/07 6:31 p.m., 3 views

EUVD-2025-201609

A vulnerability was detected in Verysync 微力同步 2.21.3. This affects an unknown function of the file /safebrowsing/clientreport/download?key=dummytoken of the component Web Administration Module. Performing manipulation results in information disclosure. The attack is possible to be carried out...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00044
Exploits: 1, References: 5
OSV
added 2025/12/07 5:15 p.m., 3 views

CVE-2025-14198

A vulnerability was detected in Verysync 微力同步 2.21.3. This affects an unknown function of the file /safebrowsing/clientreport/download?key=dummytoken of the component Web Administration Module. Performing manipulation results in information disclosure. The attack is possible to be carried out...

CVSS: 6.9, AI score: 5.5
Exploits: 0, References: 4
OSV
added 2025/12/07 5:15 p.m., 1 views

CVE-2025-14199

A flaw has been found in Verysync 微力同步 up to 2.21.3. This impacts an unknown function of the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false of the component Web Administration Module. Executing manipulation can lead to unrestricted upload. The attack may be performed from...

CVSS: 9.8, AI score: 5.3
Exploits: 0, References: 4
NVD
added 2025/12/07 5:15 p.m., 3 views

CVE-2025-14199

A flaw has been found in Verysync 微力同步 up to 2.21.3. This impacts an unknown function of the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false of the component Web Administration Module. Executing manipulation can lead to unrestricted upload. The attack may be performed from...

CVSS: 9.8, EPSS: 0.00053
Exploits: 1, References: 4
NVD
added 2025/12/07 5:15 p.m., 1 views

CVE-2025-14198

A vulnerability was detected in Verysync 微力同步 2.21.3. This affects an unknown function of the file /safebrowsing/clientreport/download?key=dummytoken of the component Web Administration Module. Performing manipulation results in information disclosure. The attack is possible to be carried out...

CVSS: 6.9, EPSS: 0.00044
Exploits: 1, References: 4
Vulnrichment
added 2025/12/07 5:2 p.m., 1 views

CVE-2025-14199 Verysync 微力同步 Web Administration text.txt unrestricted upload

A flaw has been found in Verysync 微力同步 up to 2.21.3. This impacts an unknown function of the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false of the component Web Administration Module. Executing manipulation can lead to unrestricted upload. The attack may be performed from...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00053
Exploits: 1, References: 4
Cvelist
added 2025/12/07 4:32 p.m., 14 views

CVE-2025-14198 Verysync 微力同步 Web Administration download information disclosure

A vulnerability was detected in Verysync 微力同步 2.21.3. This affects an unknown function of the file /safebrowsing/clientreport/download?key=dummytoken of the component Web Administration Module. Performing manipulation results in information disclosure. The attack is possible to be carried out...

CVSS: 6.9, EPSS: 0.00044
Exploits: 1, References: 4
Vulnrichment
added 2025/12/07 4:32 p.m., 1 views

CVE-2025-14198 Verysync 微力同步 Web Administration download information disclosure

A vulnerability was detected in Verysync 微力同步 2.21.3. This affects an unknown function of the file /safebrowsing/clientreport/download?key=dummytoken of the component Web Administration Module. Performing manipulation results in information disclosure. The attack is possible to be carried out...

CVSS: 6.9, AI score: 6, EPSS: 0.00044
Exploits: 1, References: 4