CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

235 matches found

OSV•added 2026/04/16 10:50 p.m.•1 views

GHSA-F5V8-V6Q3-Q4H6 Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out)

Summary Meridian v2.1.0 Meridian.Mapping and Meridian.Mediator shipped with nine defense-in-depth gaps reachable through its public APIs. Two are HIGH severity — the advertised DefaultMaxCollectionItems and DefaultMaxDepth safety caps are silently bypassed on the IMapper.Mapsource, destination...

7.5CVSS5.9AI score

Exploits0References4

RedhatCVE•added 2026/01/09 9:24 a.m.•8 views

CVE-2023-40314

Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer Meridian and Horizon installation instructions state that...

6.1CVSS6.4AI score0.00215EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:24 a.m.•2 views

CVE-2023-40312

Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that an attacker can modify to craft a malicious XSS payload. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30...

6.7CVSS6.3AI score0.00166EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:24 a.m.•2 views

CVE-2023-40315

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLEFILESYSTEMEDITOR can easily escalate their privileges to ROLEADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizo...

8CVSS7AI score0.04551EPSS

Exploits3References1

RedhatCVE•added 2026/01/09 9:24 a.m.•2 views

CVE-2023-40612

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLEFILESYSTEMEDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...

8CVSS7.1AI score0.00045EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:56 a.m.•4 views

CVE-2023-40313

A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer...

8.8CVSS7.6AI score0.00063EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-12791

Malware in sbrugna...

5.4CVSS5.6AI score0.00264EPSS

Exploits1References5

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-4225

Malware in sbrugna...

8.1CVSS8AI score0.00243EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2014-3829

Malware in sbrugna...

4.3CVSS6.4AI score0.00322EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-33911