10 matches found

CVE
added 2026/05/28 7:48 p.m., 19 views

CVE-2026-49095

Kibana Fleet policy management feature is affected by CVE-2026-49095 due to improper input validation (CWE-20). An authenticated user with Fleet management privileges can inject values into a configuration override mechanism, causing Elastic Agents to be issued API keys with elevated Elasticsearc...

CVSS 6.5, AI score 5.8, EPSS 0.00261
Exploits: 0, References: 1, Affected Software: 1

Snyk
added 2026/05/04 9:30 p.m., 8 views

Arbitrary Argument Injection

Overview: archivebox is a self-hosted internet archive. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the AddView class. An attacker can execute arbitrary code on the server by submitting specially crafted configuration overrides to the /add/ endpoint,...

CVSS 9.8, AI score 6.3, EPSS 0.00404
Exploits: 1, References: 2

EUVD
added 2025/10/07 4:11 a.m., 3 views

EUVD-2025-32660

Malicious code in tailwindcss-config-overrides npm...

AI score 6.6
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-24353

Malicious code in bioql PyPI...

CVSS 4.9, AI score 5.2, EPSS 0.00482
Exploits: 0, References: 1

Positive Technologies
added 2025/09/25 12:0 a.m., 2 views

PT-2025-39395

Name of the Vulnerable Software and Affected Versions: Rapid7 Appspider Pro versions prior to 7.5.021. Description: The application has a broken access control issue in how it loads configuration files. Standard users can add custom configuration files, which are loaded alphabetically and can overri...

CVSS 3.3, AI score 6.6, EPSS 0.00116
Exploits: 0, References: 6

Cvelist
added 2024/05/08 1:53 a.m., 23 views

CVE-2024-1929 Local Root Exploit via Configuration Dictionary

Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary. There are issues with the D-Bus interface long before Polkit is invoked. The org.rpm.dnf.v0.SessionManager.open_session...

CVSS 7.5, AI score 8.2, EPSS 0.00289
Exploits: 1, References: 1

Veracode
added 2024/04/12 12:40 p.m., 24 views

Code Injection

org.apache.zeppelin/zeppelin is vulnerable to Code Injection. The vulnerability is due to improper handling of configuration overrides such as ZEPPELIN_INTP_CLASSPATH_OVERRIDES, allowing attackers to execute shell scripts or inject malicious code through environment variables...

CVSS 9.8, AI score 7.7, EPSS 0.01439
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2024/04/09 4:15 p.m., 5 views

CVE-2024-31866

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to...

CVSS 9.8, AI score 7.5
Exploits: 0, References: 3

Prion
added 2024/02/23 1:15 a.m., 22 views

Design/Logic Flaw

A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services...

CVSS 3.2, AI score 7.3, EPSS 0.0031
Exploits: 0, References: 1

OSV
added 2017/03/14 10:59 p.m., 1 views

DEBIAN-CVE-2017-6903

In ioquake3 before 2017-03-14, the auto-downloading feature has insufficient content restrictions. This also affects Quake III Arena, OpenArena, OpenJK, iortcw, and other id Tech 3 aka Quake 3 engine forks. A malicious auto-downloaded file can trigger loading of crafted auto-downloaded files as...

CVSS 7.8, AI score 7.2, EPSS 0.01291
Exploits: 0, References: 1