CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

43 matches found

CVE-2026-40461

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings e.g., enabling SSH, allowing unauthorized state changes that can facilitate later compromise...

7.5CVSS5.5AI score0.00034EPSS

Exploits0References1

Snyk•added 2026/05/20 3:35 p.m.•6 views

Arbitrary Argument Injection

Overview symfony/runtime is an Enables decoupling PHP applications from global state Affected versions of this package are vulnerable to Arbitrary Argument Injection via SymfonyRuntime::getInput when registerargcargv=On in web SAPIs. An attacker can modify the Symfony application environment and...

5.4CVSS5.8AI score

Exploits0References2

EUVD•added 2026/04/17 9:31 p.m.•4 views

EUVD-2026-23498

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings e.g., enabling SSH, allowing unauthorized state changes that can facilitate later compromise...

7.5CVSS5.8AI score0.00034EPSS

Exploits0References4

NVD•added 2026/04/17 8:16 p.m.•1 views

CVE-2026-40461

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings e.g., enabling SSH, allowing unauthorized state changes that can facilitate later compromise...

7.5CVSS0.00034EPSS

Exploits0References3

NVD•added 2026/04/17 8:16 p.m.•0 views

CVE-2026-31927

Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files e.g., /etc/shadow, enabling unauthorized SSH access when combined with debug‑setting changes...

4.9CVSS0.00052EPSS

Exploits0References3

Cvelist•added 2026/04/17 7:36 p.m.•19 views

CVE-2026-40461 Anviz Products Missing Authentication for Critical Function

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings e.g., enabling SSH, allowing unauthorized state changes that can facilitate later compromise...

7.5CVSS0.00034EPSS

Exploits0References3

Vulnrichment•added 2026/04/17 7:36 p.m.•0 views

CVE-2026-40461 Anviz Products Missing Authentication for Critical Function

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings e.g., enabling SSH, allowing unauthorized state changes that can facilitate later compromise...

7.5CVSS5.8AI score0.00034EPSS

Exploits0References3

ATTACKERKB•added 2026/04/17 7:36 p.m.•2 views

CVE-2026-40461

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings e.g., enabling SSH, allowing unauthorized state changes that can facilitate later compromise...

7.5CVSS5.8AI score0.00034EPSS

Exploits0References4

CVE•added 2026/04/17 7:36 p.m.•6 views

CVE-2026-40461

CVE-2026-40461 affects Anviz CX2 Lite and CX7. The flaw allows unauthenticated POST requests to modify debug settings (e.g., enabling SSH), causing unauthorized state changes that can facilitate later compromise. According to the provided documents, affected components are the devices’ debug/admi...

7.5CVSS5.8AI score0.00034EPSS

Exploits0References3Affected Software1

CVE•added 2026/04/17 7:24 p.m.•6 views

CVE-2026-31927

CVE-2026-31927 concerns the Anviz CX7 Firmware, where an authenticated CSV upload vulnerability enables path traversal to overwrite arbitrary files (for example, /etc/shadow). This can lead to unauthorized SSH access when combined with debug‑setting changes. The available connected sources confir...

4.9CVSS5.9AI score0.00052EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/04/17 12:0 a.m.•1 views

PT-2026-33496

Name of the Vulnerable Software and Affected Versions Anviz CX2 Lite affected versions not specified Anviz CX7 affected versions not specified Description Anviz CX2 Lite and CX7 are susceptible to unauthenticated POST requests that modify debug settings, such as enabling SSH. This allows...

7.5CVSS5.8AI score0.00034EPSS

Exploits0References7

Positive Technologies•added 2026/04/17 12:0 a.m.•2 views

PT-2026-33486

4.9CVSS5.9AI score0.00052EPSS

Exploits0References5

GithubExploit•added 2026/04/12 5:28 p.m.•88 views

exploit900

GoldHEN - PS4 Homebrew Enabler...

5.9AI score

Exploits0

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-25525

Malware in sbrugna...

7.8CVSS7.5AI score0.00082EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2007-4292

Malware in sbrugna...

3.5CVSS6.4AI score0.00238EPSS

Exploits6References4

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-41038

Malicious code in bioql PyPI...

4.4CVSS5.1AI score0.00033EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•7 views

EUVD-2022-30452

Malicious code in bioql PyPI...

7.2CVSS7.3AI score0.01393EPSS

Exploits4References1

RedhatCVE•added 2025/05/22 9:47 p.m.•11 views

CVE-2022-25812

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow allowing high privilege users such as admin to perform RCE...

7.2CVSS6.7AI score0.01393EPSS

Exploits4References1

OSV•added 2024/09/25 9:15 a.m.•0 views

CVE-2024-9169

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin debug settings in all versions up to, and including, 6.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.8CVSS5.9AI score

Exploits0References2

Positive Technologies•added 2024/09/25 12:0 a.m.•1 views

PT-2024-39467 · WordPress · Litespeed Cache

Name of the Vulnerable Software and Affected Versions: LiteSpeed Cache plugin for WordPress versions up to, and including, 6.4.1 Description: The issue is related to Stored Cross-Site Scripting via plugin debug settings due to insufficient input sanitization and output escaping. This allows...

5.5CVSS6.2AI score0.00186EPSS

Exploits0References8

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by