CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/22 1:17 p.m.•14 views

CVE-2026-8672

CVE-2026-8672 affects Syslink Software AG Avantra (Linux/Windows). The issue is a default credentials vulnerability enabling local access to an internal DB, with attackers needing high privileges and no user interaction. CVSS v3.1: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N; impact limited to confidenti...

5.1CVSS5.8AI score0.00014EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/05/22 1:17 p.m.•6 views

CVE-2026-8672 Default credentials for internal DB

Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0...

5.1CVSS5.8AI score0.00014EPSS

EUVD•added 2026/04/15 9:30 p.m.•3 views

EUVD-2026-23031

Vulnrichment•added 2026/04/15 6:43 p.m.•1 views

Exploits0References3

CVE-2026-5189 Nexus Repository 3 - Hardcoded Credential in Internal Database Component

CVE•added 2026/04/15 6:43 p.m.•6 views

CVE-2026-5189

CVE-2026-5189 involves Sonatype Nexus Repository Manager versions 3.0.0–3.70.5 where a hard-coded credential in the internal database component can be exploited by an unauthenticated attacker with network access. The vulnerability enables read/write access to the internal database and allows exec...

Cvelist•added 2026/04/15 6:43 p.m.•14 views

CVE-2026-5189 Nexus Repository 3 - Hardcoded Credential in Internal Database Component

9.2CVSS0.00042EPSS

Positive Technologies•added 2026/04/15 12:0 a.m.•1 views

PT-2026-33132

CNNVD•added 2026/04/15 12:0 a.m.•3 views

Exploits0References5

Sonatype Nexus Repository Manager 安全漏洞

Sonatype Nexus Repository Manager NXRM is a repository manager developed by Sonatype, Inc., in the United States. It is primarily used for managing, storing, and distributing software. Versions of Sonatype Nexus Repository Manager from 3.0.0 to 3.70.5 have security vulnerabilities. These...

Snyk•added 2026/03/05 9:13 p.m.•1 views

Arbitrary Argument Injection

Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via the tag deletion. An attacker can execute arbitrary git options by supplying a crafted tag name when triggering the deletion, potentially causing unintended behavior or disruption of the underlying...

8.8CVSS6AI score0.00051EPSS

Exploits1References2

CVE•added 2026/02/11 2:13 p.m.•10 views

CVE-2026-2250

METIS WIC devices expose /dbviewer/ without authentication, allowing remote access to an internal telemetry SQLite database containing sensitive operational data. The issue is compounded by debug mode being enabled, which returns verbose Django tracebacks that disclose backend source code, local ...

7.5CVSS5.6AI score0.00119EPSS

Snyk•added 2026/02/06 6:52 p.m.•2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the synchronization process when a repository file is deleted prior to synchronization. An attacker can cause the application to crash by deleting a repository file before synchronization as an authenticated...

7.1CVSS5.6AI score0.00019EPSS

Exploits1References2

Snyk•added 2026/02/06 6:52 p.m.•3 views

Missing Authorization

7.1CVSS5.6AI score0.00019EPSS

Exploits1References2

RedhatCVE•added 2026/01/09 9:0 a.m.•6 views

CVE-2023-29118

Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/versions.php...

9.6CVSS7.6AI score0.00274EPSS

RedhatCVE•added 2025/11/26 4:56 p.m.•2 views

CVE-2025-12743

The Looker endpoint for generating new projects from database connections allows users to specify "looker" as a connection name, which is a reserved internal name for Looker's internal MySQL database. The schemas parameter is vulnerable to SQL injection, enabling attackers to manipulate SELECT...

6CVSS7.3AI score0.00032EPSS

Cvelist•added 2025/11/25 12:0 a.m.•5 views

CVE-2025-64066

Primakon Pi Portal 1.0.18 REST /api/v2/user/register endpoint suffers from a Broken Access Control vulnerability. The endpoint fails to implement any authorization checks, allowing unauthenticated attackers to perform POST requests to register new user accounts in the application's local database...

0.00191EPSS