CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

202 matches found

EUVD-2026-33919

CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected installations...

10CVSS5.8AI score0.00084EPSS

Exploits0References1

CNNVD•added 3 days ago•3 views

FlexRIC security vulnerabilities

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability arises from the use of the assert function to enforce mapping relationships before sending the E2SETUPREQUEST message. This could allow remote...

7.5CVSS5.8AI score0.00081EPSS

Exploits0References2

NVD•added 6 days ago•7 views

CVE-2025-41277

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.8CVSS0.00261EPSS

Exploits0References1

NVD•added 6 days ago•9 views

CVE-2025-41274

9.8CVSS0.00261EPSS

Exploits0References1

Vulnrichment•added 6 days ago•6 views

CVE-2025-41273

Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and...

9.3CVSS5.8AI score0.00186EPSS

Exploits0References1

EUVD•added 6 days ago•5 views

EUVD-2025-209992

9.3CVSS6.1AI score0.00261EPSS

Exploits0References1

CVE•added 6 days ago•10 views

CVE-2025-41271

Nozomi Networks Labs identifies a CWE-23 Relative Path Traversal affecting Waterfall WF-500 TX and RX Hosts (version 7.9.1.0 R2502171040) via the Console WebUI. An unauthenticated remote attacker could read arbitrary files on the device through this vulnerability. The provided documents do not sp...

8.7CVSS6AI score0.00065EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/05/22 12:0 a.m.•6 views

PT-2026-42777

Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...

5.9CVSS5.8AI score0.00044EPSS

Exploits0References1

CNNVD•added 2026/05/18 12:0 a.m.•4 views

Dell Live Optics 信任管理问题漏洞

Dell Live Optics is an IT infrastructure analysis and capacity assessment platform developed by the American company Dell. Dell Live Optics has a trust management vulnerability, which stems from improper certificate verification. This vulnerability could allow remote unauthenticated attackers to...

6.8CVSS5.8AI score0.00015EPSS

Exploits0References1

Github Security Blog•added 2026/05/08 6:32 a.m.•4 views

Alkacon OpenCms allows remote unauthenticated attackers to obtain sensitive information

Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...

7.3CVSS5.8AI score0.13668EPSS

Exploits0References4Affected Software1

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK products of Oracle Java SE component: Libraries. The supported versions affected by this vulnerability are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise...

3.7CVSS6.8AI score0.00083EPSS

Exploits0References2

Tenable Nessus•added 2026/04/23 12:0 a.m.•1 views

Oracle WebCenter Sites (April 2026 CPU)

The 12.2.1.4.0 and 14.1.2.0.0 versions of WebCenter Sites installed on the remote host are affected by a vulnerability as referenced in the April 2026 CPU advisory. - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: Thick Client Apache Log4j. Supported...

6.3CVSS7.2AI score0.00029EPSS

Exploits1References3

Positive Technologies•added 2026/04/19 12:0 a.m.•4 views

PT-2026-33651

A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get vector db details of the file superagi/controllers/vector dbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing authentication. The...

7.5CVSS6.6AI score0.00105EPSS

Exploits0References6

NVD•added 2026/04/12 11:16 a.m.•0 views

CVE-2026-6126

A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of the component Administrative HTTP Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The exploit has been made...

7.5CVSS0.00125EPSS

Exploits0References6

Packet Storm News•added 2026/04/07 12:0 a.m.•5 views

FortiClient EMS 7.4.6 Vulnerability Assessment Tool

CVE-2026-35616 is a pre-authentication API bypass in FortiClient EMS 7.4.5 and 7.4.6 that allows remote, unauthenticated attackers to bypass certificate-based authentication through HTTP header spoofing. The Django application trusts user-controllable HTTP headers X-SSL-CLIENT-VERIFY,...

9.8CVSS6.1AI score0.34753EPSS

Exploits7

Positive Technologies•added 2026/04/01 12:0 a.m.•1 views

PT-2026-29523

OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that allows remote unauthenticated attackers to access protected bot proxy functionality by sending requests to the POST /bot/v1/chat and POST /bot/v1/chat/stream endpoints. Attackers...

6.9CVSS6AI score0.00089EPSS

Exploits0References5

RedhatCVE•added 2026/03/29 5:3 p.m.•1 views

CVE-2026-5000

A vulnerability was detected in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. Impacted is the function LocalGPTHandler of the file backend/server.py of the component API Endpoint. The manipulation of the argument BaseHTTPRequestHandler results in missing authentication. T...

7.5CVSS5.6AI score0.00105EPSS

Exploits0References1

NVD•added 2026/03/10 6:17 p.m.•2 views

CVE-2025-54820

A Stack-based Buffer Overflow vulnerability CWE-121 vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is...

8.1CVSS0.00061EPSS

Exploits0References1

Positive Technologies•added 2026/03/09 12:0 a.m.•3 views

PT-2026-23999

Name of the Vulnerable Software and Affected Versions doramart DoraCMS versions 3.0.x Description A flaw exists in the processing of the /api/v1/mail/send file within the Email API component. This improper handling results in insufficient authentication. Remote attackers can exploit this issue. T...

9.8CVSS7.1AI score0.0014EPSS

Exploits1References11

EUVD•added 2026/03/04 6:31 p.m.•0 views

EUVD-2026-9472

A vulnerability in the SAML 2.0 single sign-on SSO feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the SAML feature and access sensitive,...

6.1CVSS5.8AI score0.0001EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by