CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

303 matches found

CVE•added 2026/05/12 9:6 p.m.•6 views

CVE-2026-44257

efw4.X (Enterprise Framework for Web) contains a zip-slip path traversal in efw.file.FileManager.unZip prior to 4.08.010. Zip entries are extracted with new File(baseDir, zipEntry.getName()) without canonical-path validation, allowing a crafted entry such as ../../../pwned.jsp to escape the extra...

9.3CVSS6AI score0.00271EPSS

Exploits0References1

NVD•added 2026/05/09 11:16 p.m.•7 views

CVE-2026-8211

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

5.8CVSS0.00053EPSS

Exploits0References4

CNNVD•added 2026/05/09 12:0 a.m.•3 views

Fess 注入漏洞

Fess is a powerful and easy-to-deploy enterprise search server developed by the CodeLibs Project. Versions of Fess 15.5.1 and earlier contained a vulnerability due to an injection flaw in the JSP File Handler component. This flaw stemmed from the update function in the...

5.8CVSS5.9AI score0.00053EPSS

Exploits0References1

RedhatCVE•added 2026/05/06 8:21 p.m.•2 views

CVE-2026-7411

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...

10CVSS6AI score0.00133EPSS

Exploits1References1

RedhatCVE•added 2026/05/06 8:21 p.m.•1 views

CVE-2026-7412

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...

8.6CVSS6.1AI score0.00033EPSS

Exploits0References1

OSV•added 2026/05/05 6:33 p.m.•1 views

GHSA-GX3V-WXFJ-8H24 Eclipse BaSyx Java Server SDK vulnerable to Server-Side Request Forgery

8.6CVSS6.3AI score0.00033EPSS

Exploits0References4

UbuntuCve•added 2026/05/05 4:16 p.m.•1 views

CVE-2026-7412

8.6CVSS6.3AI score0.00033EPSS

Exploits0References1

UbuntuCve•added 2026/05/05 4:16 p.m.•0 views

CVE-2026-7411

10CVSS6.1AI score0.00133EPSS

Exploits1References1

OSV•added 2026/05/05 4:16 p.m.•0 views

UBUNTU-CVE-2026-7411

10CVSS6.2AI score0.00133EPSS

Exploits1References2

OSV•added 2026/05/05 4:16 p.m.•1 views

UBUNTU-CVE-2026-7412

8.6CVSS6.3AI score0.00033EPSS

Exploits0References2

CVE•added 2026/05/05 2:15 p.m.•4 views

CVE-2026-7412

CVE-2026-7412 affects Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10. The Operation Delegation feature fails to validate the destination URI of delegated requests, enabling an unauthenticated remote attacker to coerce the BaSyx server into performing blind HTTP POSTs to arbitr...

8.6CVSS6.1AI score0.00033EPSS

Exploits0References2

Cvelist•added 2026/05/05 2:15 p.m.•26 views

CVE-2026-7412

8.6CVSS0.00033EPSS

Exploits0References2

Vulnrichment•added 2026/05/05 2:7 p.m.•2 views

CVE-2026-7411

10CVSS6AI score0.00133EPSS

Exploits1References2

ATTACKERKB•added 2026/05/05 2:7 p.m.•1 views

CVE-2026-7411

10CVSS6AI score0.00133EPSS

Exploits1References3

CNNVD•added 2026/05/05 12:0 a.m.•3 views

Eclipse BaSyx Java Server SDK 路径遍历漏洞

Eclipse BaSyx Java Server SDK is an industrial digital development toolkit from the Eclipse Foundation. Versions of Eclipse BaSyx Java Server SDK prior to 2.0.0-milestone-10 contained a path traversal vulnerability. This vulnerability stemmed from insufficient path normalization in the Submodel...

10CVSS6.7AI score0.00133EPSS

Exploits1References2

Vulnrichment•added 2026/04/20 10:15 a.m.•2 views

CVE-2026-6629 Metasoft 美特软件 MetaCRM Interface sql.jsp Statement.executeUpdate sql injection

A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation of the argument sql leads to sql injection. The attack can be launched remotely. The exploit has...

7.5CVSS5.5AI score0.0004EPSS

Exploits0References4

RedHat Linux•added 2026/04/04 4:29 p.m.•2 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: tomcat11: tomcat11-11.0.21-0.1.hum1 noarch tomcat11-admin-webapps-11.0.21-0.1.hum1 noarch tomcat11-docs-webapp-11.0.21-0.1.hum1 noarch tomcat11-el-6.0-api-11.0.21-0.1.hum1 noarch...

9.6CVSS6.9AI score0.00274EPSS

Exploits4References9

Positive Technologies•added 2026/03/30 12:0 a.m.•3 views

PT-2026-29161

Summary Hardcoded Wildcard CORS Access-Control-Allow-Origin: - https://github.com/modelcontextprotocol/java-sdk/blob/main/mcp-core/src/main/java/io/modelcontextprotocol/server/transport/HttpServletSseServerTransportProvider.javaL289 -...

6.1CVSS6AI score0.00012EPSS

Exploits0References7

NVD•added 2026/02/18 8:18 p.m.•2 views

CVE-2026-2665

A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Performing a manipulation of the argument File results in unrestricted upload. The attack can be...

6.5CVSS0.00021EPSS

Exploits0References6

Cvelist•added 2026/02/18 8:2 p.m.•22 views

CVE-2026-2665 huanzi-qch base-admin JSP Parser SysFileController.java upload unrestricted upload

6.5CVSS0.00021EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by