CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

162 matches found

Positive Technologies•added 6 days ago•3 views

PT-2026-44534

Vulnerability in Oracle REST Data Services component: Core. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability can...

5.3CVSS5.8AI score0.00039EPSS

Exploits0References2

CVE•added 2026/05/11 10:3 p.m.•11 views

CVE-2026-43914

Vaultwarden prior to 1.35.4 is affected. The unprotected two‑factor login endpoint /api/two-factor/send-email-login (email.rs) can act as an oracle to determine if a username/password is correct, enabling brute‑force attempts without rate‑limiting even for users without email 2FA. Impact: bypasse...

9.8CVSS5.8AI score0.00048EPSS

Exploits1References3Affected Software1

OSV•added 2026/05/06 2:42 p.m.•3 views

BIT-JAVA-2021-2432

Vulnerability in the Java SE product of Oracle Java SE component: JNDI. The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

4.3CVSS6.8AI score0.00233EPSS

Exploits0References6

Positive Technologies•added 2026/04/21 12:0 a.m.•3 views

PT-2026-34146

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: User Interface. Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows low privileged attacker...

6.8CVSS5.8AI score0.00017EPSS

Exploits0References3

RedhatCVE•added 2026/03/26 3:1 p.m.•0 views

CVE-2026-33292

WWBN AVideo is an open source video platform. Prior to version 26.0, the HLS streaming endpoint view/hls.php is vulnerable to a path traversal attack that allows an unauthenticated attacker to stream any private or paid video on the platform. The videoDirectory GET parameter is used in two...

7.5CVSS5.9AI score0.00074EPSS

Exploits1References1

RedHat Linux•added 2026/03/24 10:36 a.m.•2 views

mysql: Optimizer unspecified vulnerability (CPU Jan 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network...

4.9CVSS7AI score0.00063EPSS

Exploits0References6

IBM Security Bulletins•added 2026/03/19 8:52 p.m.•6 views

Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2025 - Includes Oracle July 2025 CPU

Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...

8.1CVSS5.9AI score0.02123EPSS

Exploits1Affected Software3

Tenable Nessus•added 2026/03/16 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2026-28490

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified i...

8.3CVSS5.8AI score0.00016EPSS

Exploits1References3

IBM Security Bulletins•added 2026/01/19 10:45 a.m.•5 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications

Summary Multiple Vulnerabilities were disclosed as part of the Oracle January 2026 Critical Patch Update. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impac...

7.5CVSS6.9AI score0.00068EPSS

Exploits0Affected Software2

F5 Networks•added 2026/01/19 4:52 a.m.•8 views

K000159608: Oracle GraalVM for JDK vulnerability CVE-2025-61755

Security Advisory Description Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE component: Compiler. Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

3.7CVSS4.8AI score0.0003EPSS

Exploits0

Positive Technologies•added 2025/11/28 12:0 a.m.•4 views

PT-2025-48348

🔍 𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐕𝐄 𝐛𝐫𝐞𝐚𝐤𝐝𝐨𝐰𝐧 𝐚𝐯𝐚𝐢𝐥𝐚𝐛𝐥𝐞 𝐧𝐨𝐰! Oracle CVE-2024-21854 is under active attack even after being patched. Learn why patch delays are dangerous and how to stay secure. 🌐 Explore the write-up → https://t.co/YSCfFvYLPP Join the discussion and tell us what you think!...

6.9AI score

Exploits0References1

NVD•added 2025/10/21 8:20 p.m.•4 views

CVE-2025-61760

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.12 and 7.2.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...

7.5CVSS0.00025EPSS

Exploits0References1