CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15562 matches found

Nodejs Squirrelly - Remote Code Execution

Nodejs Squirrelly is susceptible to remote code execution. Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuratio...

8.8CVSS7.9AI score0.59844EPSS

Exploits2

Nuclei•added yesterday•133 views

Kyocera TASKalfa printer - Path Traversal

CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings. id: CVE-2023-34259 info: name: Kyocera TASKalfa printer - Path...

4.9CVSS6.7AI score0.57683EPSS

Exploits2References5

Nuclei•added yesterday•51 views

Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect

The Oracle Applications Framework component of Oracle E-Business Suite subcomponent: Popup windows lists of values, datepicker, etc. is impacted by open redirect issues in versions 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. These easily exploitable vulnerabilities allow unauthenticated attackers...

5.8CVSS6.3AI score0.14558EPSS

Exploits4References5

Nuclei•added yesterday•37 views

Twisted - Open Redirect & XSS

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The Twisted web framework's redirectTo function is vulnerable to reflected XSS if an attacker can control the redirect URL. This template tests for an open redirect and XSS vulnerability in the URL parameter...

6.1CVSS6.5AI score0.01109EPSS

Exploits0References2

NVD•added 3 days ago•12 views

CVE-2026-13006

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.35 in Java applications, allows an attacker to execute arbitrary code circumventing existing protections against CVE-2025-11226 by compromising an existing logback configuration...

7CVSS0.00122EPSS

Exploits0References1

Cvelist•added 3 days ago•33 views

CVE-2026-13006 Incomplete protection against CVE-2025-11226

7CVSS0.00122EPSS

Exploits0References1

EUVD•added 4 days ago•5 views

EUVD-2026-38428

Capgo before 12.128.2 contains an authorization bypass vulnerability in its public API key management handlers get/put/delete/post. API keys created with mode=all but restricted to a single app via limitedtoapps are only checked for limitedtoorgs and not for limitedtoapps, so an app-scoped key ca...

8.7CVSS5.9AI score0.00292EPSS

Exploits0References2

EUVD•added 5 days ago•6 views

EUVD-2026-38373

Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channelself endpoint that allows unauthenticated attackers to enumerate non-public channel names and determine app existence and subscription status. Remote attackers can send GET requests with arbitrary...

8.7CVSS5.9AI score0.00379EPSS

Exploits0References2

CVE•added 5 days ago•26 views

CVE-2026-10845

CVE-2026-10845 affects IBM WebSphere Application Server 8.5 and 9.0, where an authentication bypass could allow a remote attacker to gain unauthorized access to JAX-WS applications. The root cause is an authentication bypass vulnerability in these WAS components, exposing potential impact on conf...

7.3CVSS5.9AI score0.00337EPSS

Exploits0References1Affected Software1

AstraLinux•added 2026/06/19 11:10 a.m.•4 views

Astra Linux – Vulnerability in Ruby-Rack

A denial-of-service vulnerability in the multipart parsing component of Rack was fixed in versions 2.0.9.2, 2.1.4.2, 2.2.4.1, and 3.0.0.1. This vulnerability could allow attackers to craft input that causes the RFC2183 multipart boundary parsing in Rack to take an unexpectedly long time,...

7.5CVSS6.4AI score0.01617EPSS

Exploits0References2

AstraLinux•added 2026/06/19 11:10 a.m.•7 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Using XMLHttpRequest, an attacker could identify installed applications by probing error messages related to loading external protocols. This vulnerability affects Thunderbird version 91.4.0, Firefox ESR version 91.4.0, and Firefox version 95...

6.5CVSS6.3AI score0.01714EPSS

Exploits0References2

AstraLinux•added 2026/06/19 11:10 a.m.•5 views

Astra Linux – Vulnerability in Jetty9

In Eclipse Jetty versions 1.0 through 9.4.32.v20200930, 10.0.0alpha1 through 10.0.0.beta2, and 11.0.0alpha1 through 11.0.0.beta2O, on Unix-like systems, the system’s temporary directory is shared among all users on that system. A collocated user can observe the process of creating a temporary...

7CVSS7.3AI score0.043EPSS

Exploits1References1

IBM Security Bulletins•added 2026/06/18 5:57 p.m.•26 views

Security Bulletin: Aspera Applications are affected by an OpenSSL vulnerability (CVE-2016-8610)

Question Security Bulletin: Aspera Applications are affected by an OpenSSL vulnerability CVE-2016-8610 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"Al...

7.5CVSS6.8AI score0.39657EPSS

Exploits1Affected Software1

NVD•added 2026/06/17 10:54 a.m.•6 views

CVE-2026-46933

Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applicatio...

9.9CVSS0.00411EPSS

Exploits0References1

NVD•added 2026/06/17 10:54 a.m.•6 views

CVE-2026-46925

Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM component: Siebel Cloud Manager. Supported versions that are affected are 17.0-26.5. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the...

8.3CVSS0.00265EPSS

Exploits0References1

NVD•added 2026/06/17 10:54 a.m.•5 views

CVE-2026-46926

Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM component: Siebel Cloud Manager. Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Siebel CRM Cloud Applications...

8.8CVSS0.0012EPSS

Exploits0References1

NVD•added 2026/06/17 10:54 a.m.•5 views

CVE-2026-46919

Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM component: Siebel Cloud Manager. Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Cloud...

9.8CVSS0.00362EPSS

Exploits0References1

NVD•added 2026/06/17 10:54 a.m.•4 views

CVE-2026-46920

Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM component: Siebel Cloud Manager. Supported versions that are affected are 17.0-26.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Cloud...

8.1CVSS0.00291EPSS

Exploits0References1

NVD•added 2026/06/16 12:16 p.m.•10 views

CVE-2026-12225

syracom AG Secure Login 2FA for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user account can bypass the two-factor authentication flow by sending HTTP requests with a crafted User-Agent header containi...

8.7CVSS0.00481EPSS

Exploits0References5

EUVD•added 2026/06/16 11:20 a.m.•6 views

EUVD-2026-37066

8.7CVSS5.5AI score0.00481EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by