CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

585607 matches found

CVE-2026-50211

Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers...

8.8CVSS

Exploits0References1

Cvelist•added 4 hours ago•4 views

CVE-2026-50211 Exposed Factory Testing App Boundaries

Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers...

8.8CVSS

Exploits0References1

ATTACKERKB•added 4 hours ago•5 views

CVE-2026-50211

Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers...

8.8CVSS5.8AI score

Exploits0References2

EUVD•added 4 hours ago•2 views

EUVD-2026-34223

Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers...

8.8CVSS5.8AI score

Exploits0References1

CVE•added 4 hours ago•5 views

CVE-2026-50211

The CVE-2026-50211 entry describes leftover engineering diagnostics and factory-level diagnostic software that remain exposed on retail builds, enabling malicious apps to obtain write privileges to internal NVRAM registers. Affected scope within the provided documents is limited to the presence o...

8.8CVSS5.8AI score

Exploits0References1

EUVD•added 5 hours ago•3 views

EUVD-2026-34218

Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...

8.5CVSS5.8AI score

Exploits0References1

CVE•added 5 hours ago•6 views

CVE-2026-50206

CVE-2026-50206 affects VPN network profile handling where special characters in config files are not safely processed, enabling command injection. Root cause: improper sanitization or parsing of config entries leads to execution of injected commands when reading malicious config files. Documented...

8.5CVSS5.8AI score

Exploits0References1

Nuclei•added 8 hours ago•32 views

b2evolution CMS <6.11.6 - Open Redirect

b2evolution CMS before 6.11.6 contains an open redirect vulnerability via the redirectto parameter in emailpassthrough.php. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-22840 info:...

6.1CVSS6.3AI score0.42697EPSS

Exploits3References5

Nuclei•added 8 hours ago•41 views

UpdraftPlus < 1.22.9 - Cross-Site Scripting

The plugin does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting XSS vulnerability. id: CVE-2022-0864 info: name: UpdraftPlus 1.22.9 - Cross-Site Scripting author: DhiyaneshDk severity: medium description...

6.1CVSS6.4AI score0.02855EPSS

Exploits4References4

Nuclei•added 8 hours ago•29 views

ChurchCRM 4.5.3 - Cross-Site Scripting

A stored Cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php. id: CVE-2023-26843 info: name: ChurchCRM 4.5.3 - Cross-Site Scripting author: Harsh severity: medium description: | A stored Cross-site scripti...

5.4CVSS6.2AI score0.11478EPSS

Exploits1References5

Nuclei•added 8 hours ago•28 views

Hoteldruid 3.0.5 - Cross-Site Scripting

A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data. id: CVE-2023-34537 info: name: Hoteldruid 3.0.5 - Cross-Site Scripting author: Harsh severity: medium...

5.4CVSS6AI score0.12864EPSS

Exploits1References4

Nuclei•added 8 hours ago•26 views

Revive Adserver 5.4.1 - Cross-Site Scripting

A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions. id: CVE-2023-38040 info: name: Revive Adserver 5.4.1 - Cross-Site Scripting author: ritikchaddha severity: medium description: | A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions...

6.1CVSS6.4AI score0.08586EPSS

Exploits1References2

Nuclei•added 8 hours ago•27 views

Uniview NVR301-04S2-P4 - Cross-Site Scripting

Uniview NVR301-04S2-P4 contains a reflected cross-site scripting vulnerability via the PATH of LAPI. CISA and Uniview state that this vulnerability needs to be authenticated. This is incorrect. Any PATH payload can cause XSS. A submission to Mitre has been sent to update the verbiage in the findi...

5.4CVSS5.5AI score0.11904EPSS

Exploits0References2

Nuclei•added 8 hours ago•28 views

ClinicCases 7.3.3 Cross-Site Scripting

ClinicCases 7.3.3 is susceptible to multiple reflected cross-site scripting vulnerabilities that could allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft. id: CVE-2021-38704 info: name:...

6.1CVSS6.3AI score0.04987EPSS

Exploits1References5

Nuclei•added 8 hours ago•34 views

Wordpress Multiple Themes - Reflected Cross-Site Scripting

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...

6.1CVSS6.9AI score0.02549EPSS

Exploits2References3

Nuclei•added 8 hours ago•28 views

Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion

A directory traversal vulnerability in the Preventive & Reservation compreventive component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1475 info: name: Joomla...

6.8CVSS6AI score0.02055EPSS

Exploits2References5

Nuclei•added 8 hours ago•7 views

SlideDeck 1 Lite Content Slider - Cross-Site Scripting

SlideDeck 1 Lite Content Slider WordPress plugin = 1.4.8 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13224 inf...

6.1CVSS7.2AI score0.01143EPSS

Exploits1References1

Nuclei•added 8 hours ago•31 views

Optergy Proton/Enterprise Building Management System - Open Redirect

Optergy Proton/Enterprise Building Management System contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-7275 info: name: Optergy Proton/Enterprise...

6.1CVSS6.9AI score0.5199EPSS

Exploits1References5

Nuclei•added 8 hours ago•26 views

vBulletin - Open Redirect

vBulletin 3.x.x and 4.2.x through 4.2.5 contains an open redirect vulnerability via the redirector.php URL parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-6200 info: name:...

6.1CVSS6.4AI score0.07969EPSS

Exploits1References3

Nuclei•added 8 hours ago•59 views

Travelpayouts <= 1.1.16 - Open Redirect

The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayoutsredirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. id: CVE-2024-0337...

6.1CVSS5.8AI score0.01196EPSS

Exploits2References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by