Lucene search

6679 matches found

Tenable Nessus
added 2026/02/10 12:0 a.m., 6 views

Siemens SCALANCE and RUGGEDCOM Incorrect Authorization (CVE-2025-40567)

The Load Rollback functionality in the web interface of affected products contains an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with guest role to make the affected product roll back configuration changes made by privileged users. This plugin...

CVSS 7.1, AI score 5.9, EPSS 0.00382
Exploits 0, References 4

EUVD
added 2026/02/08 12:30 a.m., 8 views

EUVD-2026-5703

Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations...

CVSS 8.8, AI score 5.3, EPSS 0.00343
Exploits 0, References 4

OSV
added 2026/02/07 10:16 p.m., 6 views

CVE-2026-25859

Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations...

CVSS 8.8, AI score 5.3
Exploits 0, References 3

ATTACKERKB
added 2026/02/07 9:59 p.m., 5 views

CVE-2026-25859

Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations...

CVSS 7.1, AI score 5.2, EPSS 0.00343
Exploits 0, References 4

CVE
added 2026/02/07 8:32 p.m., 9 views

CVE-2026-2111

JeecgBoot

CVSS 5.3, AI score 4.9, EPSS 0.00517
Exploits 1, References 4, Affected Software 1

Positive Technologies
added 2026/02/06 12:0 a.m., 4 views

PT-2026-6679

Name of the Vulnerable Software and Affected Versions: Tune Library plugin for WordPress versions up to and including 1.6.3. Description: The Tune Library plugin for WordPress is susceptible to Stored Cross-Site Scripting through the CSV import functionality. This is a result of inadequate input...

CVSS 6.4, AI score 5.7, EPSS 0.00235
Exploits 0, References 8

GithubExploit
added 2026/02/05 7:11 a.m., 147 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

CVE-...

CVSS 9.3, AI score 5.3, EPSS 0.48008
Exploits 69

EUVD
added 2026/02/04 8:47 p.m., 3 views

EUVD-2023-48032

EVE Freely Allocates Buffer on The Stack With Data From Socket...

CVSS 9.9, AI score 8.3, EPSS 0.00545
Exploits 0, References 4

OSV
added 2026/02/04 7:15 a.m., 2 views

CVE-2026-20977

Improper access control in Emergency Sharing prior to SMR Feb-2026 Release 1 allows local attackers to interrupt its functioning...

CVSS 5.5, AI score 5.8, EPSS 0.00123
Exploits 0, References 1

Cvelist
added 2026/02/04 6:14 a.m., 28 views

CVE-2026-20977

Improper access control in Emergency Sharing prior to SMR Feb-2026 Release 1 allows local attackers to interrupt its functioning...

CVSS 6.9, EPSS 0.00123
Exploits 0, References 1

CNNVD
added 2026/02/04 12:0 a.m., 5 views

SAMSUNG Mobile devices security vulnerability

Samsung Mobile devices are a series of mobile devices produced by Samsung Electronics in South Korea. This includes smartphones, tablets, etc. Devices prior to the SMR Feb-2026 Release 1 version have security vulnerabilities. These vulnerabilities stem from improper access control, which may allo...

CVSS 6.9, AI score 5.8, EPSS 0.00123
Exploits 0, References 2

Vulnrichment
added 2026/02/03 10:1 p.m., 2 views

CVE-2020-37071 CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution

CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugin's vCard download...

CVSS 9.8, AI score 6.8, EPSS 0.00615
Exploits 0, References 5

Patchstack
added 2026/02/03 9:21 a.m., 5 views

WordPress Brizy plugin <= 2.4.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Functionality vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Form Functionality vulnerability discovered by RandomRoot in WordPress Plugin Brizy versions <= 2.4.43...

CVSS 6.4, AI score 5.3, EPSS 0.00254
Exploits 0, References 1, Affected Software 1

Positive Technologies
added 2026/02/03 12:0 a.m., 5 views

PT-2026-6515

SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality in github.com/siyuan-note/siyuan/kernel...

CVSS 8.3, AI score 5.4, EPSS 0.00436
Exploits 1, References 6

Patchstack
added 2026/02/02 9:20 a.m., 7 views

WordPress Porto Theme - Functionality plugin <= 3.0.9 - Authenticated (Contributor+) Local File Inclusion via Post Meta vulnerability

WordPress Porto Theme - Functionality plugin <= 3.0.9 - Authenticated (Contributor+) Local File Inclusion via Post Meta vulnerability discovered by István Márton - Wordfence in WordPress Plugin Porto Theme - Functionality versions <= 3.0.9...

CVSS 8.8, AI score 5.2, EPSS 0.01002
Exploits 0, References 1, Affected Software 1

RedhatCVE
added 2026/01/30 3:24 a.m., 16 views

CVE-2025-55704

Hidden functionality issue exists in multiple MFPs provided by Brother Industries, Ltd., which may allow an attacker to obtain the logs of the affected product and obtain sensitive information within the logs...

CVSS 6.9, AI score 5.9, EPSS 0.00241
Exploits 0, References 1

Japan Vulnerability Notes
added 2026/01/30 2:26 a.m., 6 views

Multiple vulnerabilities in BROTHER MFPs (multifunction printers)

Overview: Multiple MFPs provided by BROTHER INDUSTRIES, LTD. contain multiple vulnerabilities listed below: Improper certificate validation (CWE-295) - CVE-2025-53869; Hidden Functionality (CWE-912) - CVE-2025-55704. Anton Fabricius of SySS GmbH reported these vulnerabilities to the developer. JPCERT/CC...

CVSS 6.9, AI score 5.9, EPSS 0.00241
Exploits 0, References 11

Positive Technologies
added 2026/01/30 12:0 a.m., 5 views

PT-2026-5377

A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to access exposed administrative functionality without prior authentication...

CVSS 9.3, AI score 6, EPSS 0.00413
Exploits 0, References 2

NVD
added 2026/01/29 4:15 a.m., 4 views

CVE-2025-55704

Hidden functionality issue exists in multiple MFPs provided by Brother Industries, Ltd., which may allow an attacker to obtain the logs of the affected product and obtain sensitive information within the logs...

CVSS 6.9, EPSS 0.00241
Exploits 0, References 3

Cvelist
added 2026/01/29 2:41 a.m., 25 views

CVE-2025-55704

Hidden functionality issue exists in multiple MFPs provided by Brother Industries, Ltd., which may allow an attacker to obtain the logs of the affected product and obtain sensitive information within the logs...

CVSS 6.9, EPSS 0.00241
Exploits 0, References 3