96 matches found
AlmaLinux 8 : kernel-rt (ALSA-2026:21745)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21745 advisory. kernel: Bluetooth: MGMT: Fix possible UAFs (CVE-2025-39981); kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (CVE-2025-68183)...
PraisonAI Security Vulnerability
PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.97 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication for WebSocket connections and information endpoints on the PraisonAI...
keycloak: Keycloak IDOR in realm client creating/deleting
A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...
PT-2026-29414
XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects any customer using OAuth2 clients on any version of XenForo 2.3 prior to 2.3.5, potentially allowing client applications to gain access beyond their intended authorization level...
EUVD-2018-21665
Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with the action=clientaccess parameter using boolean-based blin...
PT-2026-28240
Name of the Vulnerable Software and Affected Versions: Online Store System CMS version 1.0. Description: An SQL injection allows unauthenticated attackers to manipulate database queries. This is achieved by sending POST requests to the 'index.php' endpoint with the action parameter set to...
Incorrect Authorization
Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Incorrect Authorization in the Keycloak authentication adapter due to missing validation of the azp claim in access tokens...
CVE-1999-0073
Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access...
PT-2025-51367
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A broken access control issue was identified in Keycloak’s admin API endpoints related to authorization resource management, specifically within the ResourceSetService and...
EUVD-2019-7216
Malware in sbrugna...
EUVD-2018-0363
Malware in sbrugna...
EUVD-2002-0546
Malware in sbrugna...
EUVD-2020-25567
Malware in sbrugna...
EUVD-2013-0483
Malware in sbrugna...
EUVD-2017-17402
Malware in sbrugna...
EUVD-1999-0073
Malware in sbrugna...
EUVD-2005-0139
Malware in sbrugna...
EUVD-2021-7609
Malicious code in bioql PyPI...
EUVD-2025-16399
Malicious code in bioql PyPI...
EUVD-2022-39653
Malicious code in bioql PyPI...