CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3148 matches found

NVD•added 2026/04/22 4:16 p.m.•1 views

CVE-2018-25261

Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling SEH mechanism that allows local attackers to execute arbitrary code by supplying a malicious file path. Attackers can create a backup job with a crafted payload in the external file location...

8.6CVSS0.00018EPSS

Exploits1References3

CVE•added 2026/04/22 2:56 p.m.•4 views

CVE-2018-25261

CVE-2018-25261 concerns Iperius Backup 5.8.1, which contains a local buffer overflow in the structured exception handling (SEH) mechanism. A crafted file path in an external file location field during a backup job can trigger the overflow, enabling code execution with the application’s privileges...

8.6CVSS6.8AI score0.00018EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/04/22 2:56 p.m.•28 views

CVE-2018-25261 Iperius Backup 5.8.1 Local Buffer Overflow SEH

8.6CVSS0.00018EPSS

Exploits1References3

Cvelist•added 2026/04/22 7:45 a.m.•25 views

CVE-2026-4132 HTTP Headers <= 1.19.2 - Authenticated (Administrator+) External Control of File Name or Path to RCE via 'hh_htpasswd_path' and 'hh_www_authenticate_user' Parameters

The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hhhtpasswdpath' option and lack of sanitization on the...

7.2CVSS0.00552EPSS

Exploits0References13

Positive Technologies•added 2026/04/22 12:0 a.m.•1 views

PT-2026-34293

The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hh htpasswd path' option and lack of sanitization on the...

7.2CVSS5.9AI score0.00552EPSS

Exploits0References15

NVD•added 2026/04/21 9:16 p.m.•1 views

CVE-2026-40938

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation...

8.5CVSS0.00035EPSS

Exploits1References2

Tenable Nessus•added 2026/04/21 12:0 a.m.•3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010743)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010743 advisory. In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur. Tenable has extracted the precedin...

7.8CVSS6.5AI score0.00072EPSS

Exploits0References3

Positive Technologies•added 2026/04/21 12:0 a.m.•0 views

PT-2026-34226

Name of the Vulnerable Software and Affected Versions F Prime versions prior to 4.2.0 Description An integer overflow occurs during a bounds check where the addition of byteOffset and dataSize wraps around on overflow. This allows a specially crafted DataPacket to bypass the check, enabling a fil...

9.8CVSS6.6AI score0.00162EPSS

Exploits0References6

ATTACKERKB•added 2026/04/20 3:45 a.m.•0 views

CVE-2026-6602

A vulnerability was found in rickxy Hospital Management System up to 88a4290d957dc5bdde8a56e5ad451ad14f7f90f4. Affected is an unknown function of the file /backend/admin/hisadminaccount.php. The manipulation of the argument addpic results in unrestricted upload. The attack can be executed remotel...

7.5CVSS5.4AI score0.00018EPSS

Exploits0References4

Positive Technologies•added 2026/04/20 12:0 a.m.•2 views

PT-2026-33711

A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function get bytes from web url of the file src/agentscope/ utils/ common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate...

7.5CVSS5.3AI score0.00054EPSS

Exploits0References5

RedhatCVE•added 2026/04/18 7:22 a.m.•3 views

CVE-2026-37342

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/viewparkeddetails.php...

7.2CVSS5.8AI score0.0004EPSS

Exploits0References1

OSV•added 2026/04/17 12:23 a.m.•6 views

USN-8182-1 ruby-rack vulnerabilities

Andrew Lacambra discovered that Rack did not properly parse certain regular expressions. An attacker could possibly use this issue to bypass network security filters. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. CVE-2026-26961 William T. Nelson...

7.5CVSS5.9AI score0.00152EPSS

Exploits1References14