CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5491 matches found

CVE-2026-34298

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Personalization. Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Application...

4.7CVSS7.3AI score0.00042EPSS

Exploits0References1

RedhatCVE•added 2 days ago•4 views

CVE-2026-0512

Due to a Cross-Site Scripting XSS vulnerability in the SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow t...

6.1CVSS5.7AI score0.00108EPSS

Exploits0References1

RedhatCVE•added 2 days ago•3 views

CVE-2026-40835

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the saveObjectFromData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.8AI score0.00039EPSS

Exploits0References1

Redos•added 2 days ago•2 views

ROS-20260605-73-0056

The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to insufficient validation of input data. Exploiting these vulnerabilities can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...

10CVSS5.5AI score0.00032EPSS

Exploits0

EUVD•added 6 days ago•6 views

EUVD-2026-33726

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

7.8CVSS6.3AI score0.00013EPSS

Exploits0References2

Cvelist•added 6 days ago•24 views

CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service

7.8CVSS0.00013EPSS

Exploits0References2

Vulnrichment•added 2026/05/28 5:17 p.m.•8 views

CVE-2026-45787 electerm's encrypt method not safe enough

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...

6CVSS5.8AI score0.00008EPSS

Exploits0References2

Redos•added 2026/05/28 12:0 a.m.•9 views

ROS-20260528-73-0001

The vulnerability of the getdumpable function in the Linux operating system’s kernel is related to insecure management of privileges. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

7.1CVSS5.8AI score0.00007EPSS

Exploits4

RedHat Linux•added 2026/05/27 10:1 a.m.•15 views

OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm ECDSA algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than...

6.5CVSS5.7AI score0.00052EPSS

Exploits0References7

NVD•added 2026/05/27 9:16 a.m.•15 views

CVE-2026-40828

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...

7CVSS0.00043EPSS

Exploits0References1

ATTACKERKB•added 2026/05/27 7:58 a.m.•8 views

CVE-2026-40846

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00039EPSS

Exploits0References2Affected Software4

EUVD•added 2026/05/27 7:58 a.m.•10 views

EUVD-2026-32144

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devicesconfiguration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00039EPSS

Exploits0References1

CVE•added 2026/05/27 7:57 a.m.•10 views

CVE-2026-40840

CVE-2026-40840 describes an unauthenticated SQL Injection in the VerifyCreateLicences function. An attacker with low privileges and remote access can exploit improper neutralization of elements in a SQL SELECT command, leading to total confidentiality loss. Documents consistently cite a SQLi in V...

7.1CVSS5.9AI score0.00039EPSS

Exploits0References1

EUVD•added 2026/05/27 7:55 a.m.•9 views

EUVD-2026-32133

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS6AI score0.00039EPSS

Exploits0References1

Vulnrichment•added 2026/05/27 7:53 a.m.•10 views

CVE-2026-40828 Authenticated SQLi in DeleteSysLogEntry function

7CVSS6AI score0.00043EPSS

Exploits0References1

CVE•added 2026/05/27 7:53 a.m.•9 views

CVE-2026-40828

CVE-2026-40828 describes an unauthenticated SQL injection in the DeleteSysLogEntry function, enabling a high-privilege remote attacker to read the entire database and delete entries in a non-critical table. Affected impact includes total confidentiality loss and some integrity loss. CVSS metrics ...

7CVSS6AI score0.00043EPSS

Exploits0References1

Cvelist•added 2026/05/27 7:48 a.m.•22 views

CVE-2026-40817 Unauthenticated SQLi in getAlarmProfiles function

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS0.00064EPSS

Exploits0References1

Vulnrichment•added 2026/05/27 7:47 a.m.•9 views

CVE-2026-40815 Unauthenticated SQLi in _mb24api_getUserAccount function

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24apigetUserAccount function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS5.9AI score0.00064EPSS

Exploits0References1

Cvelist•added 2026/05/27 7:44 a.m.•22 views

CVE-2026-40811 Unauthenticated SQLi in ssoabstractservice

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS0.00064EPSS

Exploits0References1

CNNVD•added 2026/05/27 12:0 a.m.•6 views

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...

7CVSS5.9AI score0.00043EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by