CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/29 9:16 a.m.•9 views

CVE-2026-10057

4.8CVSS0.00036EPSS

Vulnrichment•added 2026/05/29 8:34 a.m.•9 views

CVE-2026-10057 ITP Technology｜ITS Intelligent SCADA System - Stored Cross-Site Scripting

Cvelist•added 2026/05/29 8:34 a.m.•28 views

CVE-2026-10057 ITP Technology｜ITS Intelligent SCADA System - Stored Cross-Site Scripting

4.8CVSS0.00036EPSS

EUVD•added 2026/05/29 8:34 a.m.•11 views

EUVD-2026-33267

CVE•added 2026/05/29 8:34 a.m.•13 views

CVE-2026-10057

CVE-2026-10057 affects the ITS Intelligent SCADA System from ITP Technology. The vulnerability is a Stored Cross-Site Scripting (XSS) issue that lets privileged remote attackers inject persistent JavaScript that runs in users’ browsers when a page loads. The available documents confirm the affect...

Positive Technologies•added 2026/05/29 12:0 a.m.•8 views

PT-2026-44763

Positive Technologies•added 2026/05/29 12:0 a.m.•10 views

PT-2026-44764

OSV•added 2025/12/08 8:15 a.m.•3 views

CVE-2025-14253

Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

6.9CVSS6AI score0.00058EPSS

NVD•added 2025/12/08 8:15 a.m.•2 views

CVE-2025-14253

6.9CVSS0.00058EPSS

Vulnrichment•added 2025/11/17 6:23 a.m.•1 views

CVE-2025-13164 Digiwin｜EasyFlow GP - Insufficiently Protected Credentials

EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system frontend...

6.9CVSS6.6AI score0.00048EPSS

Cvelist•added 2025/11/17 6:23 a.m.•4 views

CVE-2025-13164 Digiwin｜EasyFlow GP - Insufficiently Protected Credentials

6.9CVSS0.00048EPSS

Vulnrichment•added 2025/11/17 6:17 a.m.•2 views

CVE-2025-13163 Digiwin｜EasyFlow GP - Insufficiently Protected Credentials

EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext database account credentials from the system frontend...

6.9CVSS6.6AI score0.00048EPSS

EUVD•added 2025/11/17 6:17 a.m.•1 views

EUVD-2025-197770

6.9CVSS6.5AI score0.00048EPSS

EUVD•added 2025/11/10 3:2 a.m.•2 views

EUVD-2025-41751

EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

8.6CVSS7.8AI score0.00329EPSS

RedhatCVE•added 2025/10/14 7:42 a.m.•2 views

CVE-2025-11673

SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server...

8.6CVSS8AI score0.00606EPSS

Exploits0References1

EUVD•added 2025/10/13 9:30 a.m.•2 views

EUVD-2025-34045

SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing privileged remote attackers to read server files or probe internal network information...

6.9CVSS6.5AI score0.00052EPSS

NVD•added 2025/10/13 8:15 a.m.•3 views

CVE-2025-11673

SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server...

8.6CVSS0.00606EPSS