CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/01/30 7:12 p.m.•3 views

CVE-2025-11175

8.8CVSS5.9AI score0.00424EPSS

Exploits0References5Affected Software1

Vulnrichment•added 2026/01/30 7:12 p.m.•4 views

CVE-2025-11175 DiscussionTools should use better regex

8.8CVSS5.9AI score0.00424EPSS

CVE•added 2026/01/30 7:12 p.m.•14 views

CVE-2025-11175

CVE-2025-11175 concerns the MediaWiki DiscussionTools extension (version 1.44 and 1.43 affected) and is caused by improper neutralization of certain expression language elements, enabling a Regular Expression exponential blowup. Public entries from NVD, Debian security tracker, and related OSV en...

8.8CVSS5.9AI score0.00424EPSS

GithubExploit•added 2026/01/28 9:4 p.m.•142 views

Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

MITRE ATT&CK Threat Detection with Splunk Detection engineeri...

10CVSS6AI score0.99999EPSS

Exploits347

Broadcom•added 2026/01/27 12:0 a.m.•20 views

Spring Framework DoS (CVE-2024-38808, CVE-2024-38809 and CVE-2024-22262)

The Spring Framework vulnerabilities identified are located within open source components utilized by Brocade SANnav, however none of these vulnerabilities are in the executable code path. As a part of good security practice, the open source component was updated in the Brocade SANnav 3.0.0...

8.1CVSS5.9AI score0.01191EPSS

Exploits2

NVD•added 2026/01/21 11:15 p.m.•4 views

CVE-2026-23990

The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the ControlPlane enterprise distribution. Starting in version 0.36.0 and prior to version 0.40.0, a privilege escalation vulnerability exists in the Flux Operator Web UI authentication code that allows...

5.3CVSS0.00303EPSS

OSV•added 2026/01/21 10:23 p.m.•4 views

GHSA-4XH5-JCJ2-CH8Q Flux Operator Web UI Impersonation Bypass via Empty OIDC Claims

A privilege escalation vulnerability exists in the Flux Operator Web UI authentication code that allows an attacker to bypass Kubernetes RBAC impersonation and execute API requests with the operator's service account privileges. After OIDC token claims are processed through CEL expressions, there...

5.3CVSS5.9AI score0.00303EPSS

Exploits0References6

Positive Technologies•added 2026/01/21 12:0 a.m.•6 views

PT-2026-3873

Name of the Vulnerable Software and Affected Versions Flux Operator versions 0.36.0 through 0.39.9 Description The Flux Operator, a Kubernetes CRD controller, contains a flaw in its Web UI authentication code. This issue allows an attacker to bypass Kubernetes RBAC impersonation and execute API...

5.3CVSS5.5AI score0.00303EPSS

Exploits0References12

RedhatCVE•added 2026/01/09 11:20 a.m.•8 views

CVE-2021-22053

Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following...

8.8CVSS7.3AI score0.12694EPSS

RedhatCVE•added 2026/01/09 10:0 a.m.•10 views

CVE-2020-7161

A reporttaskselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

RedhatCVE•added 2026/01/09 10:0 a.m.•12 views

CVE-2020-7152

A faultparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

RedhatCVE•added 2026/01/09 10:0 a.m.•6 views

CVE-2020-7189

A faultflasheventselectfact expression language injectionremote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

9CVSS7.3AI score0.03213EPSS

RedhatCVE•added 2026/01/09 10:0 a.m.•8 views

CVE-2020-7145

A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

RedhatCVE•added 2026/01/09 10:0 a.m.•10 views

CVE-2020-7181

A smsrulesdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

9CVSS8AI score0.03213EPSS

RedhatCVE•added 2026/01/09 9:59 a.m.•7 views

CVE-2020-7194

A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

9CVSS8AI score0.03213EPSS

RedhatCVE•added 2026/01/09 9:59 a.m.•5 views

CVE-2020-7173

A actionselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

9CVSS8AI score0.03213EPSS

RedhatCVE•added 2026/01/09 9:58 a.m.•8 views

CVE-2020-7195

A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

9CVSS8AI score0.0326EPSS

RedhatCVE•added 2026/01/09 9:58 a.m.•6 views

CVE-2020-7159

A customtemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

10CVSS8AI score0.06613EPSS

RedhatCVE•added 2026/01/09 9:58 a.m.•8 views

CVE-2020-7160

A iccselectdeviceseries expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...