
40 matches found

NVD
added last week, 10 views

CVE-2026-45661

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitrary files to the filesystem during application deployment. When combined with Dokploy's remote serve...

9.9 CVSS, 0.0009 EPSS
Exploits: 0, References: 1

Vulnrichment
added last week, 5 views

CVE-2026-45661 Dokploy: Remote Code Execution through Path Traversal

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitrary files to the filesystem during application deployment. When combined with Dokploy's remote serve...

9.9 CVSS, 6.5 AI score, 0.0009 EPSS
Exploits: 0, References: 1

CVE
added last week, 14 views

CVE-2026-45661

Dokploy

9.9 CVSS, 6.5 AI score, 0.0009 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/05/29 12:0 a.m., 5 views

Dokploy Security Vulnerability

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.26.5 contain security vulnerabilities. These vulnerabilities stem from path traversal during the application deployment process, which allows authenticated users to write arbitrary files on the file...

9.9 CVSS, 6.2 AI score, 0.0009 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/05/29 12:0 a.m., 8 views

PT-2026-44938

Name of the Vulnerable Software and Affected Versions: Dokploy versions prior to 0.26.6. Description: Dokploy is a self-hostable Platform as a Service (PaaS) containing a path traversal issue. This allows authenticated users to write arbitrary files to the filesystem during application deployment. Whe...

9.9 CVSS, 6.5 AI score, 0.0009 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2026/03/11 7:25 p.m., 3 views

CVE-2026-31957 Himmelblau unset domain configuration can allow any-tenant authentication at first login for remote deployments

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...

10 CVSS, 5.9 AI score, 0.00359 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-26990

Malware in sbrugna...

7 CVSS, 7.1 AI score, 0.00163 EPSS
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-26258

Malicious code in bioql PyPI...

9.8 CVSS, 6.6 AI score, 0.0008 EPSS
Exploits: 0, References: 2

OSV
added 2025/08/30 4:15 a.m., 1 view

CVE-2025-54943

A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 1

NVD
added 2025/08/30 4:15 a.m., 2 views

CVE-2025-54943

A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks...

9.8 CVSS, 0.0008 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/08/30 3:42 a.m., 3 views

CVE-2025-54943 SUNNET Corporate Training Management System - Missing Authorization

A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks...

9.3 CVSS, 0.0008 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/08/30 3:42 a.m., 2 views

CVE-2025-54943 SUNNET Corporate Training Management System - Missing Authorization

A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks...

9.3 CVSS, 6.4 AI score, 0.0008 EPSS
Exploits: 0, References: 1

GithubExploit
added 2025/05/28 12:21 a.m., 527 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

CVE-2025-24071 PoC SMB + TAR Extraction Method This is a Po...

6.5 CVSS, 7.8 AI score, 0.74072 EPSS
Exploits: 20

RedhatCVE
added 2025/05/22 5:42 p.m., 7 views

CVE-2020-5835

Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine...

7 CVSS, 6.9 AI score, 0.00163 EPSS
Exploits: 0, References: 1

The Hacker News
added 2023/03/21 6:55 a.m., 2 views

Hackers Steal Over $1.6 Million in Crypto from General Bytes Bitcoin ATMs Using Zero-Day Flaw

Bitcoin ATM maker General Bytes disclosed that unidentified threat actors stole cryptocurrency from hot wallets by exploiting a zero-day security flaw in its software. "The attacker was able to upload his own java application remotely via the master service interface used by terminals to upload...

7.3 AI score
Exploits: 0

SUSE CVE
added 2023/02/15 5:26 a.m., 2 views

SUSE CVE-2014-6532

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503...

9.3 CVSS, 6.7 AI score, 0.08352 EPSS
Exploits: 0, References: 11

CNNVD
added 2022/01/04 12:0 a.m., 2 views

Spinnaker Access Control Error Vulnerability

Spinnaker is a continuous delivery platform. Used to release software changes with high speed and confidence. Spinnaker has a security vulnerability that stems from the presence of inappropriate privileges in the software that allow for pipeline creation and execution. This allows an arbitrary us...

10 CVSS, 6.1 AI score, 0.01815 EPSS
Exploits: 0, References: 3

The Hacker News
added 2021/10/01 12:18 p.m., 173 views

Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users

A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems. Attacks mounted by the hacking group, dubbed GhostEmperor by Kaspersky,...

1.7 AI score
Exploits: 0

OSV
added 2020/05/11 8:15 p.m., 1 view

CVE-2020-5835

Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine...

7 CVSS, 7.2 AI score
Exploits: 0, References: 1

NVD
added 2020/05/11 8:15 p.m., 19 views

CVE-2020-5835

Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine...

7 CVSS, 6.8 AI score, 0.00163 EPSS
Exploits: 0, References: 1