CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

43 matches found

Brother MFC-L9570CDW - Information Disclosure

An unauthenticated attacker who can access either the HTTP service TCP port 80, the HTTPS service TCP port 443, or the IPP service TCP port 631, can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mntinfo.csv can be accessed via a GET request and no...

5.3CVSS7.6AI score0.48684EPSS

Exploits0References1

CVE•added 2026/05/27 8:3 p.m.•11 views

CVE-2026-47273

CVE-2026-47273 affects pam_usb on Linux prior to 0.9.0. The vulnerability arises when pam_usb builds XPath expressions from user-supplied identifiers (PAM username, service name) and device-supplied identifiers (USB serial, model, vendor) to query /etc/pamusb.conf without validating XPath metacha...

6.5CVSS5.9AI score0.00054EPSS

Exploits0References3

Snyk•added 2026/05/07 7:33 p.m.•5 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the image upload and download process. An attacker can access sensitive metadata, such as GPS coordinates, device information, timestamps, and personally identifiab...

7.1CVSS5.8AI score0.00034EPSS

Exploits0References2

NVD•added 2025/12/04 9:16 p.m.•2 views

CVE-2025-66573

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

7.5CVSS0.00083EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-10824

Malware in sbrugna...

5.3CVSS5.5AI score0.00048EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-10784

Malware in sbrugna...

8.6CVSS8.1AI score0.00239EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2017-14059

Malware in sbrugna...

4.9CVSS5.2AI score0.00392EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-11146

Malicious code in bioql PyPI...

6.9CVSS6.4AI score0.00615EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 4:9 a.m.•7 views

CVE-2023-38955

ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names...

7.5CVSS6.5AI score0.00176EPSS

Exploits0

RedhatCVE•added 2025/05/22 9:20 p.m.•5 views

CVE-2021-23858

Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another...

8.6CVSS6.6AI score0.00239EPSS

Exploits0References1

CNVD•added 2025/04/25 12:0 a.m.•3 views

Growatt Cloud Applications Information Disclosure Vulnerability

Growatt Cloud Applications is a monitoring platform from Growatt in China. An information disclosure vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to query API endpoints and obtain device details...

6.9CVSS5.9AI score0.00615EPSS

Exploits0References1

RedhatCVE•added 2025/04/17 11:26 p.m.•9 views

CVE-2025-27719