CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

36521 matches found

ATTACKERKB•added 2026/02/27 8:15 p.m.•5 views

CVE-2018-25160

HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...

6.5CVSS6.1AI score0.00404EPSS

Exploits0References4

CVE•added 2026/02/27 8:15 p.m.•10 views

CVE-2018-25160

Summary (CVE-2018-25160) : The Perl package HTTP::Session2 (versions through 1.09) does not validate the format of user-provided session IDs, enabling potential code injection or other impact depending on the session backend. Red Hat and EU/ENISA entries corroborate that insecure session-id handl...

6.5CVSS6.1AI score0.00404EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/02/27 8:15 p.m.•20 views

CVE-2018-25160 HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend

0.00404EPSS

Exploits0References3

RedhatCVE•added 2026/02/27 7:44 p.m.•5 views

CVE-2026-26938

Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...

8.6CVSS6.1AI score0.00254EPSS

Exploits0References1

RedhatCVE•added 2026/02/27 10:14 a.m.•5 views

CVE-2026-28132

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through = 1.4.4...

5.3CVSS6AI score0.00194EPSS

Exploits0References1

EUVD•added 2026/02/27 9:30 a.m.•3 views

EUVD-2026-9012

Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication...

8.8CVSS6AI score0.00392EPSS

Exploits0References3

EUVD•added 2026/02/27 9:30 a.m.•5 views

EUVD-2026-9013

Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection.This issue affects Frick Controls Quantum HD version 10.22 and prior...

8.8CVSS6AI score0.00626EPSS

Exploits0References3

EUVD•added 2026/02/27 9:30 a.m.•3 views

EUVD-2026-9011

8.8CVSS6AI score0.00392EPSS

Exploits0References3

OSV•added 2026/02/27 9:16 a.m.•2 views

CVE-2026-21657

9.8CVSS5.8AI score0.00392EPSS

Exploits0References2

NVD•added 2026/02/27 9:16 a.m.•3 views

CVE-2026-21656

9.8CVSS0.00392EPSS

Exploits0References2

NVD•added 2026/02/27 9:16 a.m.•8 views

CVE-2026-21658

Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the securit...

9.8CVSS0.00626EPSS

Exploits0References2

NVD•added 2026/02/27 9:16 a.m.•3 views

CVE-2026-21657

9.8CVSS0.00392EPSS

Exploits0References2

OSV•added 2026/02/27 9:16 a.m.•2 views

CVE-2026-21656

9.8CVSS5.8AI score0.00392EPSS

Exploits0References2

Cvelist•added 2026/02/27 8:59 a.m.•16 views

CVE-2026-21658 Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution

Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the securit...

8.8CVSS0.00626EPSS

Exploits0References2

ATTACKERKB•added 2026/02/27 8:59 a.m.•6 views

CVE-2026-21658

Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the securit...

9.8CVSS6AI score0.00626EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/02/27 8:59 a.m.•5 views

CVE-2026-21658 Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution

Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the securit...

8.8CVSS6AI score0.00626EPSS

Exploits0References2

CVE•added 2026/02/27 8:59 a.m.•14 views

CVE-2026-21658

Johnson Controls Frick Controls Quantum HD is affected by CVE-2026-21658, an unauthenticated remote code execution (code injection) vulnerability caused by insufficient validation of input parameters. The issue allows code execution before authentication, impacting Quantum HD versions up to 10.22...

9.8CVSS6AI score0.00626EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/02/27 8:54 a.m.•4 views

CVE-2026-21657 Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution

8.8CVSS5.8AI score0.00392EPSS

Exploits0References2

Cvelist•added 2026/02/27 8:54 a.m.•17 views

CVE-2026-21657 Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution

8.8CVSS0.00392EPSS

Exploits0References2

ATTACKERKB•added 2026/02/27 8:54 a.m.•4 views

CVE-2026-21657