CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added yesterday•3 views

CVE-2026-45779

9.3CVSS6AI score

Exploits0References5Affected Software1

EUVD•added yesterday•3 views

EUVD-2026-34908

9.3CVSS6AI score

Exploits0References4

Cvelist•added yesterday•12 views

CVE-2026-45779 Open XDMoD Vulnerable to Unauthenticated SQL Injection Leading to Full Database Compromise

9.3CVSS

Exploits0References4

EUVD•added yesterday•2 views

EUVD-2026-34906

ATTACKERKB•added yesterday•2 views

CVE-2026-45778

Exploits0References2Affected Software1

CVE•added yesterday•8 views

CVE-2026-45778

Open XDMoD

Cvelist•added yesterday•13 views

CVE-2026-45778 Open XDMoD Vulnerable to Reflected Cross-Site Scripting (XSS) in Password Reset

8.6CVSS

ATTACKERKB•added yesterday•3 views

CVE-2026-45777

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attack...

Exploits0References4Affected Software1

Cvelist•added yesterday•13 views

CVE-2026-45777 Open XDMoD Vulnerable to Unauthenticated Remote Code Execution (RCE) via OS Command Injection

9.3CVSS

EUVD•added yesterday•3 views

EUVD-2026-34904

CVE•added yesterday•8 views

CVE-2026-45777

Open XDMoD (OpenXDMoD): A remote command-injection vulnerability allows an attacker to execute arbitrary system commands on the web server process, affecting versions 9.5.0–11.0.2. Root cause: OS command injection that can compromise confidentiality, integrity, and availability. Impact includes r...

Vulnrichment•added yesterday•5 views

CVE-2026-45777 Open XDMoD Vulnerable to Unauthenticated Remote Code Execution (RCE) via OS Command Injection

CVE•added yesterday•7 views

CVE-2026-45776

Open XDMoD (Open XDMoD) versions prior to 11.0.3 are affected when the optional Job Performance (SUPReMM) module is installed. A flaw in access control allows a crafted HTTPS POST to set a session variable used for authorization, enabling an attacker to view other users’ compute job efficiency me...

5.3CVSS5.4AI score

Cvelist•added yesterday•11 views

CVE-2026-45776 Open XDMoD has Broken Access Control via Client-Controlled Session Variable

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allows an attacker to submit a crafted HTTPS POST request that sets a session variable used for authorization decisions. If an installation of Open XDMoD...

5.3CVSS

ATTACKERKB•added yesterday•2 views

CVE-2026-45776

5.3CVSS5.4AI score

Exploits0References4Affected Software1

Vulnrichment•added yesterday•2 views

CVE-2026-45776 Open XDMoD has Broken Access Control via Client-Controlled Session Variable

5.3CVSS5.4AI score

Positive Technologies•added yesterday•7 views

PT-2026-47052

Name of the Vulnerable Software and Affected Versions OpenXDMoD versions prior to 10.0.3 Description An SQL injection allows an unauthenticated remote attacker to execute arbitrary SQL statements. This can result in the complete compromise of the underlying database. The issue requires no...

9.3CVSS6AI score

Exploits0References6

Positive Technologies•added yesterday•6 views

PT-2026-47051

Name of the Vulnerable Software and Affected Versions OpenXDMoD versions prior to 11.0.3 Description An authenticated attacker can inject malicious JavaScript into their user profile and abuse the password reset functionality to send a link to an HTML page. When a victim visits this page, the...