CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

25 matches found

RedhatCVE•added 2026/01/13 10:52 p.m.•2 views

CVE-2026-22197

GestSup versions prior to 3.2.60 contain multiple SQL injection vulnerabilities in the asset list functionality. Multiple request parameters used to filter, search, or sort assets are incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate...

8.1CVSS7.5AI score0.00011EPSS

Exploits0References1

OSV•added 2026/01/09 5:15 p.m.•1 views

CVE-2026-22197

8.1CVSS5.8AI score0.00011EPSS

Exploits0References2

NVD•added 2026/01/09 5:15 p.m.•1 views

CVE-2026-22197

8.1CVSS0.00011EPSS

Exploits0References2

CVE•added 2026/01/09 4:18 p.m.•9 views

CVE-2026-22197

GestSup is affected by multiple SQL injection flaws in the Asset List feature, leading to potential unauthorized access or modification of database contents. Exploitation is possible through several request parameters used for filtering, searching, or sorting assets that are incorporated into SQL...

8.1CVSS7.1AI score0.00011EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/01/09 4:18 p.m.•3 views

CVE-2026-22197 GestSup < 3.2.60 Multiple SQL Injections in Asset List

7.5CVSS7.1AI score0.00011EPSS

Exploits0References2

Cvelist•added 2026/01/09 4:18 p.m.•19 views

CVE-2026-22197 GestSup < 3.2.60 Multiple SQL Injections in Asset List

7.5CVSS0.00011EPSS

Exploits0References2

ATTACKERKB•added 2026/01/09 4:18 p.m.•2 views

CVE-2026-22197

8.1CVSS5.8AI score0.00011EPSS

Exploits0References3

Positive Technologies•added 2026/01/09 12:0 a.m.•3 views

PT-2026-2170

Name of the Vulnerable Software and Affected Versions GestSup versions up to and including 3.2.56 Description GestSup versions up to and including 3.2.56 have multiple SQL injection flaws in the asset list functionality. Request parameters used to filter, search, or sort assets are included in SQ...

7.5CVSS7.2AI score0.00011EPSS

Exploits0References5

CNNVD•added 2026/01/09 12:0 a.m.•3 views

GESTSUP SQL注入漏洞

GESTSUP is a software application from the French company GESTSUP. It is 100% web-based SUPport MANAGEMENT software that manages tickets and devices. A SQL injection vulnerability exists in GESTSUP 3.2.56 and prior versions, which stems from multiple request parameters for filtering, searching, o...

8.1CVSS7.7AI score0.00011EPSS

Exploits0References3

RedhatCVE•added 2025/12/19 2:9 p.m.•2 views

CVE-2025-40893

A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets to inject HTML tags into asset attributes. When a victim views the affected assets in the...

6.1CVSS6AI score0.00043EPSS

Exploits0References1

OSV•added 2025/12/18 2:15 p.m.•0 views

CVE-2025-40893

5.3CVSS5.8AI score

Exploits0References1

NVD•added 2025/12/18 2:15 p.m.•3 views

CVE-2025-40893

6.1CVSS0.00043EPSS

Exploits0References2

Cvelist•added 2025/12/18 1:17 p.m.•21 views

CVE-2025-40893 HTML injection in Asset List in Guardian/CMC before 25.5.0

6.1CVSS0.00043EPSS

Exploits0References1

CVE•added 2025/12/18 1:17 p.m.•10 views

CVE-2025-40893

The CVE-2025-40893 issue affects Nozomi Networks Guardian/CMC Asset List functionality where improper validation of network traffic data allows stored HTML injection (XSS) via specially crafted packets. Unauthenticated attackers can insert HTML into asset attributes, which then renders in a victi...

6.1CVSS5.7AI score0.00043EPSS

Exploits0References2Affected Software2

Vulnrichment•added 2025/12/18 1:17 p.m.•2 views

CVE-2025-40893 HTML injection in Asset List in Guardian/CMC before 25.5.0

6.1CVSS5.7AI score0.00043EPSS

Exploits0References1

EUVD•added 2025/12/18 1:17 p.m.•3 views

EUVD-2025-204259

6.1CVSS5.5AI score0.00043EPSS

Exploits0References2

NOZOMI•added 2025/12/18 12:0 a.m.•5 views

HTML injection in Asset List in Guardian/CMC before 25.5.0

Summary A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. Impact An unauthenticated attacker can send specially crafted network packets to inject HTML tags into asset attributes. When a victim views the affecte...

6.1CVSS6AI score0.00043EPSS

Exploits0Affected Software2

Positive Technologies•added 2025/12/18 12:0 a.m.•2 views

PT-2025-52221

6.1CVSS6AI score0.00043EPSS

Exploits0References1

Positive Technologies•added 2025/10/28 12:0 a.m.•4 views

PT-2025-44091

Name of the Vulnerable Software and Affected Versions microCLAUDIA versions prior to 3.2.0 Description An improper access control issue exists in microCLAUDIA. An authenticated user can perform unauthorized actions on other organizations' systems by sending direct API requests. Attackers can...

7.6CVSS6.5AI score0.00061EPSS

Exploits0References5

OSV•added 2025/04/25 3:15 a.m.•3 views

CVE-2025-46546

In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll,...

8.8CVSS5.8AI score

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by