CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

335 matches found

Github Security Blog•added 2 days ago•8 views

epa4all-client: Unauthenticated REST API for Patient Record Writes

Impact Any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g., following the production Docker example in the README, this is exploitable from the local network without...

6.5CVSS5.9AI score0.00021EPSS

Exploits0References4Affected Software1

OSV•added 3 days ago•4 views

GHSA-PJ2V-GGQH-CMQ2 Docling: Unsafe Playwright-based HTML Rendering

Impact In versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering feature could allow JavaScript execution and unrestricted network access when processing untrusted HTML documents. An...

8.2CVSS6.5AI score

Exploits0References3

Packet Storm•added 5 days ago•38 views

📄 dwatch 0.0.2 SSRF Boundary and Network Isolation Audit Tool

This is an auditing tool to analyze server-side request forgery vulnerabilities in dwatch version 0.0.2. ================================================================================================================================== | Title : dwatch 0.0.2 SSRF Boundary and Network Isolation...

5.8AI score

Exploits0

Positive Technologies•added 2026/05/29 12:0 a.m.•8 views

PT-2026-45026

Impact DNSCache. async add inserted every response record into cache, expirations, expire heap, and service cache with no cap on entry count. The only pre-existing protection was a PTR TTL floor DNS PTR MIN TTL = 1125 s, RFC 6762 §10, which actually prolonged attacker-injected records, and a...

6.5CVSS5.8AI score

Exploits0References5

ICS•added 2026/05/19 6:0 a.m.•9 views

ScadaBR

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to perform unauthenticated remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network...

6.3AI score

Exploits0References13

ICS•added 2026/05/19 6:0 a.m.•9 views

Kieback & Peter DDC Building Controllers

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to take control of the victim's browser. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all...

5.3CVSS5.6AI score0.0004EPSS

Exploits0References13

ICS•added 2026/05/12 7:0 a.m.•17 views

Schnieider Electric EcoStruxure Machine Expert HVAC (SEVD-2026-132-01)

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...

7.5CVSS5.9AI score0.00012EPSS

Exploits0References11

ATTACKERKB•added 2026/05/04 5:24 p.m.•1 views

CVE-2026-42091

goshs is a SimpleHTTPServer written in Go. Prior to version 2.0.2, the PUT upload handler httpserver/updown.go lacks the CSRF token validation that was added to the POST upload handler during the CVE-2026-40883 fix. Combined with the unconditional Access-Control-Allow-Origin: on the OPTIONS...

8.1CVSS5.9AI score0.00024EPSS

Exploits2References4Affected Software1

Tenable Nessus•added 2026/05/04 12:0 a.m.•3 views

RHCOS 2 : Red Hat OpenShift Enterprise 2.1.9 (RHSA-2014:1906)

The remote Red Hat Enterprise Linux CoreOS 2 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1906 advisory. - OpenShift: /proc/net/tcp information disclosure CVE-2014-3602 - Enterprise: gears fail to properly isolate network traffic...

7.5CVSS5.8AI score0.004EPSS

Exploits0References14

Tenable Nessus•added 2026/05/04 12:0 a.m.•2 views

RHCOS 2 : Red Hat OpenShift Enterprise 2.2 Release Advisory (Moderate) (RHSA-2014:1796)

The remote Red Hat Enterprise Linux CoreOS 2 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1796 advisory. - OpenShift: /proc/net/tcp information disclosure CVE-2014-3602 - Enterprise: gears fail to properly isolate network traffic...

7.5CVSS5.8AI score0.004EPSS

Exploits0References35

ICS•added 2026/04/23 6:0 a.m.•3 views

SpiceJet Online Booking System

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all...

5.5AI score

Exploits0References13

ICS•added 2026/04/16 6:0 a.m.•3 views

Horner Automation Cscape and XL4, XL7 PLC

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to systems and services. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure...

9.3CVSS5.7AI score0.00016EPSS

Exploits0References11

ICS•added 2026/04/16 6:0 a.m.•2 views

Anviz Multiple Products

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow attackers to conduct reconnaissance, capture or decrypt sensitive data, alter device configurations, gain unauthorized administrative or root‑level access, execute arbitrary code, compromise credentials or...

6.5AI score

Exploits0References11

Github Security Blog•added 2026/04/14 11:14 p.m.•3 views

Oxia has an OIDC token audience validation bypass via SkipClientIDCheck

Summary The OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience aud claim validation at the library level. This allows tokens issued for unrelated services by the same OIDC issuer to be accepted by Oxia...

9.2CVSS5.8AI score0.00068EPSS

Exploits0References3Affected Software1

ICS•added 2026/03/26 6:0 a.m.•1 views

PTC Windchill Product Lifecycle Management

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control...

9.3CVSS6.5AI score0.00386EPSS

Exploits0References13

ICS•added 2026/03/26 6:0 a.m.•5 views

OC Messaging and Custom Messaging Gateway

RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated low-privileged user to gain access to SMS messages outside of their authorized tenant scope via a crafted company or tenant identifier parameter. 2. RECOMMENDED PRACTICES CISA recommends users take...

8.1CVSS5.8AI score0.00042EPSS

Exploits0References13

RedhatCVE•added 2026/03/24 6:22 p.m.•1 views

CVE-2026-33554

A flaw was found in FreeIPMI. The ipmi-oem program is used to send Intelligent Platform Management Interface IPMI OEM commands for specific hardware vendors to retrieve specific information from the hardware. A malicious server can reply with crafted response messages and cause buffer overflows...

8.8CVSS6AI score0.00067EPSS

Exploits0References7

NVD•added 2026/03/19 10:16 p.m.•1 views

CVE-2026-32038

OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container: values to reach services in target container namespaces and bypass...

9.8CVSS0.00065EPSS

Exploits0References2