28 matches found

CVE
added 2026/05/28 9:53 p.m. | 21 views

CVE-2026-49299

OpenStack Neutron prior to 28.0.1 is affected: the tagging controller enforces plural policy action names on single-tag write operations while policy rules use singular names, causing the mismatch to evaluate as allowed under the default policy. This permits a project reader to create and update ...

CVSS 5.3 | AI score 5.8 | EPSS 0.00246
Exploits: 0 | References: 4

Cvelist
added 2026/04/08 4:43 p.m. | 19 views

CVE-2026-33460 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure

Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...

CVSS 4.3 | EPSS 0.00175
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/21 7:29 p.m. | 4 views

CVE-2026-2846

A security vulnerability has been detected in UTT HiPER 520 1.7.7-160105. This impacts the function sub_44D264 of the file /goform/formPdbUpConfig of the component Web Management Interface. The manipulation of the argument policyNames leads to os command injection. The attack can be initiated...

CVSS 8.6 | AI score 5.4 | EPSS 0.0982
Exploits: 1 | References: 1

NVD
added 2026/02/20 4:22 p.m. | 6 views

CVE-2026-2846

A security vulnerability has been detected in UTT HiPER 520 1.7.7-160105. This impacts the function sub_44D264 of the file /goform/formPdbUpConfig of the component Web Management Interface. The manipulation of the argument policyNames leads to os command injection. The attack can be initiated...

CVSS 8.6 | EPSS 0.0982
Exploits: 1 | References: 4

Cvelist
added 2026/02/20 3:32 p.m. | 18 views

CVE-2026-2846 UTT HiPER 520 Web Management formPdbUpConfig sub_44D264 os command injection

A security vulnerability has been detected in UTT HiPER 520 1.7.7-160105. This impacts the function sub_44D264 of the file /goform/formPdbUpConfig of the component Web Management Interface. The manipulation of the argument policyNames leads to os command injection. The attack can be initiated...

CVSS 8.6 | EPSS 0.0982
Exploits: 1 | References: 4

ATTACKERKB
added 2026/02/20 3:32 p.m. | 4 views

CVE-2026-2846

A security vulnerability has been detected in UTT HiPER 520 1.7.7-160105. This impacts the function sub_44D264 of the file /goform/formPdbUpConfig of the component Web Management Interface. The manipulation of the argument policyNames leads to os command injection. The attack can be initiated...

CVSS 8.6 | AI score 6.8 | EPSS 0.0982
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/02/20 3:32 p.m. | 2 views

CVE-2026-2846 UTT HiPER 520 Web Management formPdbUpConfig sub_44D264 os command injection

A security vulnerability has been detected in UTT HiPER 520 1.7.7-160105. This impacts the function sub_44D264 of the file /goform/formPdbUpConfig of the component Web Management Interface. The manipulation of the argument policyNames leads to os command injection. The attack can be initiated...

CVSS 8.6 | AI score 6.8 | EPSS 0.0982
Exploits: 1 | References: 4

OSV
added 2026/02/08 10:15 p.m. | 1 view

CVE-2026-2188

A vulnerability was determined in UTT 进取 521G 3.1.1-190816. The impacted element is the function sub446B18 of the file /goform/formPdbUpConfig. Executing a manipulation of the argument policyNames can lead to os command injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 7.2 | AI score 5.7
Exploits: 0 | References: 4

NVD
added 2026/02/08 10:15 p.m. | 3 views

CVE-2026-2188

A vulnerability was determined in UTT 进取 521G 3.1.1-190816. The impacted element is the function sub446B18 of the file /goform/formPdbUpConfig. Executing a manipulation of the argument policyNames can lead to os command injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 8.6 | EPSS 0.06413
Exploits: 1 | References: 4

OSV
added 2026/02/08 5:16 a.m. | 2 views

CVE-2026-2135

A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_43F020 of the file /goform/formPdbUpConfig. Performing a manipulation of the argument policyNames results in command injection. It is possible to initiate the attack remotely. The exploit is now...

CVSS 8.8 | AI score 5.7 | EPSS 0.03852
Exploits: 1 | References: 4

Cvelist
added 2026/02/08 4:32 a.m. | 36 views

CVE-2026-2135 UTT HiPER 810 formPdbUpConfig sub_43F020 command injection

A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_43F020 of the file /goform/formPdbUpConfig. Performing a manipulation of the argument policyNames results in command injection. It is possible to initiate the attack remotely. The exploit is now...

CVSS 6.5 | EPSS 0.03852
Exploits: 1 | References: 4

ATTACKERKB
added 2026/02/08 4:32 a.m. | 5 views

CVE-2026-2135

A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_43F020 of the file /goform/formPdbUpConfig. Performing a manipulation of the argument policyNames results in command injection. It is possible to initiate the attack remotely. The exploit is now...

CVSS 6.5 | AI score 6.5 | EPSS 0.03852
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/02/08 4:32 a.m. | 11 views

CVE-2026-2135 UTT HiPER 810 formPdbUpConfig sub_43F020 command injection

A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_43F020 of the file /goform/formPdbUpConfig. Performing a manipulation of the argument policyNames results in command injection. It is possible to initiate the attack remotely. The exploit is now...

CVSS 6.5 | AI score 5.5 | EPSS 0.03852
Exploits: 1 | References: 4

CNNVD
added 2026/02/08 12:00 a.m. | 3 views

UTT 521G Operating System Command Injection Vulnerability

UTT 521G is a router produced by the Chinese company Aite UTT. The version UTT 521G 3.1.1-190816 contains a vulnerability related to operating system command injection. This vulnerability arises from improper handling of the parameter policyNames in the function sub446B18 within the...

CVSS 8.6 | AI score 7.1 | EPSS 0.06413
Exploits: 1 | References: 5

Positive Technologies
added 2026/02/08 12:00 a.m. | 4 views

PT-2026-7021

Name of the Vulnerable Software and Affected Versions: UTT 进取 521G version 3.1.1-190816 Description: A flaw exists in the function sub 446B18 located in the file /goform/formPdbUpConfig. Manipulation of the policyNames argument can result in operating system command injection. This issue is...

CVSS 8.6 | AI score 5.4 | EPSS 0.06413
Exploits: 1 | References: 8

OSV
added 2025/11/20 3:17 p.m. | 4 views

CVE-2025-13442

A security vulnerability has been detected in UTT 进取 750W up to 3.2.2-191225. Affected by this vulnerability is the function system of the file /goform/formPdbUpConfig. Such manipulation of the argument policyNames leads to command injection. The attack may be launched remotely. The exploit has...

CVSS 9.8 | AI score 6.7 | EPSS 0.17612
Exploits: 1 | References: 4

NVD
added 2025/11/20 3:17 p.m. | 3 views

CVE-2025-13442

A security vulnerability has been detected in UTT 进取 750W up to 3.2.2-191225. Affected by this vulnerability is the function system of the file /goform/formPdbUpConfig. Such manipulation of the argument policyNames leads to command injection. The attack may be launched remotely. The exploit has...

CVSS 9.8 | EPSS 0.17612
Exploits: 1 | References: 4

CNNVD
added 2025/11/20 12:00 a.m. | 4 views

UTT 750W Command Injection Vulnerability

The UTT Progressive 750W is an enterprise-grade wireless router from Atech Technology UTT designed for office environments such as small businesses and remote branch offices. The UTT Progress 750W suffers from a command injection vulnerability that stems from the failure of the parameter...

CVSS 9.8 | AI score 7.2 | EPSS 0.17612
Exploits: 1 | References: 5

Positive Technologies
added 2025/09/09 12:00 a.m. | 5 views

PT-2025-36957

Name of the Vulnerable Software and Affected Versions: pfSense CE affected versions not specified Description: The policy name parameter in /suricata/suricata app parsers.php is not properly sanitized to remove HTML-related strings and characters before being displayed. This can lead to stored...

CVSS 5.1 | AI score 5.3 | EPSS 0.03424
Exploits: 0 | References: 4

Snyk
added 2025/08/12 6:07 p.m. | 3 views

Prototype Pollution

Overview content-security-policy-parser is a Parse Content Security Policy directives. Affected versions of this package are vulnerable to Prototype Pollution via the parse function. An attacker can manipulate the Object prototype by supplying a crafted policy name in HTTP queries, potentially...

CVSS 9.1 | AI score 8.1 | EPSS 0.00395
Exploits: 0 | References: 2