CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

129 matches found

CVE•added 2026/05/12 9:6 p.m.•7 views

CVE-2026-44257

efw4.X (Enterprise Framework for Web) contains a zip-slip path traversal in efw.file.FileManager.unZip prior to 4.08.010. Zip entries are extracted with new File(baseDir, zipEntry.getName()) without canonical-path validation, allowing a crafted entry such as ../../../pwned.jsp to escape the extra...

9.3CVSS6AI score0.00271EPSS

Exploits0References1

NVD•added 2026/05/09 11:16 p.m.•7 views

CVE-2026-8211

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

5.8CVSS0.00053EPSS

Exploits0References4

CNNVD•added 2026/05/09 12:0 a.m.•3 views

Fess 注入漏洞

Fess is a powerful and easy-to-deploy enterprise search server developed by the CodeLibs Project. Versions of Fess 15.5.1 and earlier contained a vulnerability due to an injection flaw in the JSP File Handler component. This flaw stemmed from the update function in the...

5.8CVSS5.9AI score0.00053EPSS

Exploits0References1

Vulnrichment•added 2026/04/20 10:15 a.m.•2 views

CVE-2026-6629 Metasoft 美特软件 MetaCRM Interface sql.jsp Statement.executeUpdate sql injection

A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation of the argument sql leads to sql injection. The attack can be launched remotely. The exploit has...

7.5CVSS5.5AI score0.0004EPSS

Exploits0References4

RedHat Linux•added 2026/04/04 4:29 p.m.•2 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: tomcat11: tomcat11-11.0.21-0.1.hum1 noarch tomcat11-admin-webapps-11.0.21-0.1.hum1 noarch tomcat11-docs-webapp-11.0.21-0.1.hum1 noarch tomcat11-el-6.0-api-11.0.21-0.1.hum1 noarch...

9.6CVSS6.9AI score0.00274EPSS

Exploits4References9

NVD•added 2026/02/18 8:18 p.m.•2 views

CVE-2026-2665

A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Performing a manipulation of the argument File results in unrestricted upload. The attack can be...

6.5CVSS0.00021EPSS

Exploits0References6

Cvelist•added 2026/02/18 8:2 p.m.•22 views

CVE-2026-2665 huanzi-qch base-admin JSP Parser SysFileController.java upload unrestricted upload

6.5CVSS0.00021EPSS

Exploits0References6

CNNVD•added 2026/01/19 12:0 a.m.•1 views

Yonyou KSOA SQL injection vulnerability

Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability, which stems from incorrect handling of the parameter “catalogid” in the file/kmc/savecatalog.jsp. This vulnerability may lead to SQL...

9.8CVSS7.2AI score0.00015EPSS

Exploits0References4

Cvelist•added 2025/12/11 9:39 p.m.•17 views

CVE-2024-58298 Compuware iStrobe Web 20.13 Pre-Auth Remote Code Execution via File Upload

Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parameter to upload a web shell and execute...

9.2CVSS0.01811EPSS

Exploits0References4

Vulnrichment•added 2025/12/11 9:39 p.m.•1 views

CVE-2024-58298 Compuware iStrobe Web 20.13 Pre-Auth Remote Code Execution via File Upload

9.2CVSS8.6AI score0.01811EPSS

Exploits0References4

GithubExploit•added 2025/12/11 8:15 p.m.•137 views

Exploit for CVE-2020-1938

Ghostcat Scanner - CVE-2020-1938 A powerful Python exploit to...

9.8CVSS7AI score0.94469EPSS

Exploits44

CISA KEV Catalog•added 2025/12/03 12:0 a.m.•9 views

OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability

OpenPLC ScadaBR contains an unrestricted upload of file with dangerous type vulnerability that allows remote authenticated users to upload and execute arbitrary JSP files via viewedit.shtm...

8.8CVSS7.5AI score0.78433EPSS

In wildExploits8

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2002-0925

Malware in sbrugna...

5CVSS6.4AI score0.08273EPSS

Exploits1References11

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2005-0426

Malware in sbrugna...

5CVSS6.4AI score0.00352EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2014-3149

Malware in sbrugna...

5CVSS6.4AI score0.00693EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2002-0926

Malware in sbrugna...

5CVSS6.4AI score0.01371EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-1078

Malware in sbrugna...

4.3CVSS4.8AI score0.00162EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2001-0909

Malware in sbrugna...

5CVSS6.4AI score0.03219EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2005-4798

Malware in sbrugna...

5CVSS6.4AI score0.0052EPSS

Exploits0References6

OSV•added 2025/10/03 7:56 p.m.•7 views

RLSA-2025:11332 Important: tomcat9 security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

8.1CVSS7.5AI score0.1316EPSS

Exploits17References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by