CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2229 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в haproxy

A vulnerability related to uncontrolled resource consumption was discovered in HAProxy, which could cause the service to crash. This issue could allow an authenticated remote attacker to run a specially crafted malicious server within an OpenShift cluster. The most significant impact is related t...

6.5CVSS6.5AI score0.01834EPSS

Exploits0References2

Positive Technologies•added 2026/05/20 12:0 a.m.•7 views

PT-2026-42192

A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Cisco has addressed this vulnerability in the Cisco...

6.3CVSS6.1AI score0.00416EPSS

Exploits0References2

RedhatCVE•added 2026/05/14 7:58 p.m.•5 views

CVE-2026-44867

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...

8.8CVSS6.1AI score0.00896EPSS

Exploits0References1

RedhatCVE•added 2026/05/14 7:58 p.m.•6 views

CVE-2026-44868

8.8CVSS6.1AI score0.00896EPSS

Exploits0References1

CVE•added 2026/05/14 4:8 p.m.•16 views

CVE-2026-20209

Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) web UI vulnerability allows an authenticated, read-only user to elevate to a high-privilege role and take actions as a high-privileged user. Root cause: sensitive session information is logged in audit logs. Impact: privilege escalation with...

5.4CVSS5.8AI score0.0019EPSS

Exploits0References2

Patchstack•added 2026/05/14 2:57 p.m.•5 views

NPM: FlowiseAI: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape

NPM: FlowiseAI: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score0.00649EPSS

Exploits1References3Affected Software1

RedhatCVE•added 2026/05/14 8:21 a.m.•7 views

CVE-2026-44871

Command injection vulnerabilities exist in the command line interface CLI service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying...

8.8CVSS6.1AI score0.01226EPSS

Exploits0References1

Positive Technologies•added 2026/05/14 12:0 a.m.•14 views

PT-2026-40960

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager versions prior to 26.0.1 Description A flaw in the web UI of Cisco Catalyst SD-WAN Manager allows an authenticated remote attacker with read-only permissions to elevate their privileges to a high-privileged level...

5.4CVSS5.8AI score0.0019EPSS

Exploits0References4

RedhatCVE•added 2026/05/13 8:23 p.m.•5 views

CVE-2026-44870

8.8CVSS6.1AI score0.00896EPSS

Exploits0References1

RedhatCVE•added 2026/05/13 8:23 p.m.•7 views

CVE-2026-44869

8.8CVSS6.1AI score0.00896EPSS

Exploits0References1

RedhatCVE•added 2026/05/13 8:23 p.m.•7 views

CVE-2026-44853

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a...

7.2CVSS6.5AI score0.01014EPSS

Exploits0References1

RedhatCVE•added 2026/05/13 8:23 p.m.•5 views

CVE-2026-44852

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting...

7.2CVSS6.6AI score0.00436EPSS

Exploits0References1

RedhatCVE•added 2026/05/13 8:23 p.m.•5 views

CVE-2026-44854

7.2CVSS6.5AI score0.01014EPSS

Exploits0References1

NVD•added 2026/05/13 4:16 p.m.•8 views

CVE-2026-34176

When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support EoTS are not...

8.7CVSS0.00692EPSS

Exploits0References1

CVE•added 2026/05/13 2:12 p.m.•21 views

CVE-2026-41957

CVE-2026-41957 affects the BIG-IP and BIG-IQ Configuration utility. The connected advisory confirms an authenticated remote code execution vulnerability via undisclosed vectors in the Configuration utility (control plane access), with CWE-502 deserialization noted in the security advisory details...

8.8CVSS6.5AI score0.00503EPSS

Exploits0References1

Cvelist•added 2026/05/13 2:12 p.m.•24 views

CVE-2026-41957 BIG-IP and BIG-IQ Configuration utility vulnerability

An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.8CVSS0.00503EPSS

Exploits0References1

CNNVD•added 2026/05/13 12:0 a.m.•7 views

F5 BIG-IP和F5 BIG-IQ 代码问题漏洞

F5 BIG-IP and F5 BIG-IQ are both products from the American company F5. F5 BIG-IP is an application delivery platform that integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IQ is a software-based cloud management solution. This...

8.8CVSS6.2AI score0.00503EPSS

Exploits0References1

NVD•added 2026/05/12 10:16 p.m.•25 views

CVE-2026-44871

8.8CVSS0.01226EPSS

Exploits0References1