34 matches found
Lyrion Music Server 9.2.0 metadata Persistent Cross Site Scripting
Lyrion Music Server version 9.2.0 stores media file metadata tags such as GENRE, ARTIST, and ALBUM exactly as written in the file and later renders them in its web interface without HTML-encoding, resulting in persistent cross site scripting. An attacker who gets a file with a malicious tag into...
OpenClaw Security Vulnerability
OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.29 contain a security vulnerability stemming from a policy bypass in QQBot administrator commands, which allowed authenticated senders to...
Siemens Spectrum Power Security Vulnerability
Siemens Spectrum Power is an energy management system from Siemens, Germany. A security vulnerability exists in Siemens Spectrum Power 4 versions prior to V4.70 SP12 Update 2, which originates from a user interface that can run arbitrary commands over the network, potentially resulting in the...
CVE-2025-62577
ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges...
ETERNUS SF vulnerable to incorrect default permissions
Overview: ETERNUS SF provided by Fsas Technologies Inc. contains the following vulnerability: incorrect default permissions (CWE-276), CVE-2025-62577. Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Fsas Technologies Inc...
Fsas Technologies ETERNUS SF Security Vulnerability
Fsas Technologies ETERNUS SF is a storage system replication and backup management software from Fsas Technologies, Japan. A security vulnerability exists in Fsas Technologies ETERNUS SF that stems from improperly set default permissions, which could lead to a low-privileged user obtaining databa...
EUVD-2025-33368
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Archive Log screen that, when visited by another user, enables the attacker to execute commands with the target's...
EUVD-2025-33373
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Space Node Setting fields that, when visited by another user, enable the attacker to execute commands with the target...
EUVD-2018-12353
Malware in sbrugna...
EUVD-2021-34233
Malicious code in bioql PyPI...
EUVD-2023-23944
Malicious code in bioql PyPI...
EUVD-2023-1945
Malicious code in bioql PyPI...
EUVD-2021-31565
Malicious code in bioql PyPI...
CVE-2023-37650
A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands...
CVE-2022-43553
A remote code execution vulnerability in EdgeRouters Version 2.0.9-hotfix.4 and earlier allows a malicious actor with an operator account to run arbitrary administrator commands. This vulnerability is fixed in Version 2.0.9-hotfix.5 and later...
CVE-2021-4406
An authenticated attacker is able to create alerts that trigger a stored XSS attack. POC: go to the alert manager; open the ITSM tab; add a webhook with the URL/service token value ' -h && id | tee /tmp/ttttttddddssss ' (whitespaces are tab characters); click add; click apply; create a test alert. The tes...
Redon Hub Security Vulnerability
Redon Hub is an open source product delivery system from Redon Tech. A security vulnerability exists in Redon Hub versions prior to 1.0.2 that stems from a misconfiguration of permissions that allows all users to run administrator-related commands...
Cross-Site Request Forgery (CSRF)
cockpit-hq/cockpit is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists in multiple functions of the Admin portal, which allows an attacker to execute arbitrary administrator commands...
Cockpit CMS Cross-Site Request Forgery vulnerability
A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands...