39 matches found

Tenable Nessus
added 2026/05/29 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-49299

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules us...

CVSS 5.3 | AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 3

OSV
added 2026/05/28 10:17 p.m., 3 views

DEBIAN-CVE-2026-49299

In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags...

CVSS 5.3 | AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 1

CNVD
added 2026/04/10 12:0 a.m., 2 views

TRENDnet TEW-657BRM vpn_drop Function OS Command Injection Vulnerability

The TRENDnet TEW-657BRM is a WiFi router from TRENDnet. An OS command injection vulnerability exists in the TRENDnet TEW-657BRM vpn_drop function, which originates from a misuse of the vpn_drop function parameter policy_name in file /setup.cgi, and can be exploited by an attacker to cause OS command...

CVSS 8.8 | AI score 6.4 | EPSS 0.00376
Exploits: 1

RedhatCVE
added 2026/04/03 5:0 p.m., 1 view

CVE-2026-5355

A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the argument policy_name leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the...

CVSS 8.8 | AI score 6.3 | EPSS 0.00376
Exploits: 1 | References: 1

EUVD
added 2026/04/02 6:31 p.m., 1 view

EUVD-2026-18412

A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the argument policy_name leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the...

CVSS 6.5 | AI score 6.3 | EPSS 0.00376
Exploits: 1 | References: 5

NVD
added 2026/04/02 5:16 p.m., 2 views

CVE-2026-5354

A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the file /setup.cgi. Executing a manipulation of the argument policy_name can lead to os command injection. The attack can be executed remotely. The exploit has been published and may ...

CVSS 8.8 | EPSS 0.00376
Exploits: 1 | References: 4

CVE
added 2026/04/02 4:30 p.m., 3 views

CVE-2026-5354

Trendnet TEW-657BRM 1.00.1 is affected by CVE-2026-5354 due to a flaw in the vpn_connect function in /setup.cgi where manipulating the policy_name argument enables remote os command injection. Exploitation is possible without user interaction and remote access, with the exploit published and pote...

CVSS 8.8 | AI score 6.4 | EPSS 0.00376
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/04/02 4:30 p.m., 2 views

CVE-2026-5354 Trendnet TEW-657BRM setup.cgi vpn_connect os command injection

A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the file /setup.cgi. Executing a manipulation of the argument policy_name can lead to os command injection. The attack can be executed remotely. The exploit has been published and may ...

CVSS 6.5 | AI score 6.4 | EPSS 0.00376
Exploits: 1 | References: 4

RedhatCVE
added 2025/09/11 8:27 p.m., 7 views

CVE-2025-34177

In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

CVSS 5.1 | AI score 6.1 | EPSS 0.00035
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/11 8:27 p.m., 4 views

CVE-2025-34178

In pfSense CE /suricata/suricataappparsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

CVSS 5.1 | AI score 6.1 | EPSS 0.00035
Exploits: 0 | References: 1

OSV
added 2025/09/09 9:15 p.m., 1 view

CVE-2025-34177

In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

CVSS 5.4 | AI score 6.2
Exploits: 0 | References: 3

NVD
added 2025/09/09 9:15 p.m., 4 views

CVE-2025-34177

In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

CVSS 5.4 | EPSS 0.00035
Exploits: 0 | References: 3

NVD
added 2025/09/09 9:15 p.m., 5 views

CVE-2025-34178

In pfSense CE /suricata/suricataappparsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

CVSS 5.4 | EPSS 0.00035
Exploits: 0 | References: 3

OSV
added 2025/09/09 9:15 p.m., 4 views

CVE-2025-34178

In pfSense CE /suricata/suricataappparsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

CVSS 5.4 | AI score 6.2
Exploits: 0 | References: 3

Vulnrichment
added 2025/09/09 8:23 p.m., 4 views

CVE-2025-34178 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting

In pfSense CE /suricata/suricataappparsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

CVSS 5.1 | AI score 5.6 | EPSS 0.00035
Exploits: 0 | References: 3

CVE
added 2025/09/09 8:23 p.m., 16 views

CVE-2025-34178

The CVE refers to pfSense CE with the Suricata package where the policy_name parameter is not sanitized of HTML-related strings before display, causing stored XSS. Connected sources specify this affects Netgate pfSense CE Suricata package (notably v7.0.8_2 in CVE-2025-34178 listings) and require ...

CVSS 5.4 | AI score 5.6 | EPSS 0.00035
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2025/09/09 8:19 p.m., 11 views

CVE-2025-34177

PfSense CE with Suricata package is affected by a stored XSS in suricata_flow_stream.php: the policy_name parameter is not sanitized, allowing reflected HTML/JS content to persist when displayed. Exploitation requires authentication with at least WebCfg - Services: suricata package permissions. T...

CVSS 5.4 | AI score 5.6 | EPSS 0.00035
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/09/09 8:19 p.m., 2 views

CVE-2025-34177 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting

In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

CVSS 5.1 | AI score 5.6 | EPSS 0.00035
Exploits: 0 | References: 3

Cvelist
added 2025/09/09 8:19 p.m., 6 views

CVE-2025-34177 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting

In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

CVSS 5.1 | EPSS 0.00035
Exploits: 0 | References: 3

CNNVD
added 2025/09/09 12:0 a.m., 4 views

Netgate pfSense CE Security Vulnerability

Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate, Inc. that supports enterprise-class network security and network management features. A security vulnerability exists in Netgate pfSense CE that stems from the policy_name parameter not being cleaned of...

CVSS 5.4 | AI score 5.8 | EPSS 0.00035
Exploits: 0 | References: 4