CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

668 matches found

CVE-2026-37220

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2SETUPREQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert. A remote unauthenticated attacker can crash the near-RT RIC port 36421...

0.00081EPSS

Exploits0References2

F5 Networks•added 2026/05/13 12:44 p.m.•9 views

K000158038: BIG-IP TMM vulnerability CVE-2026-41956

Security Advisory Description When a classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2026-41956 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote,...

8.7CVSS5.7AI score0.00098EPSS

Exploits0Affected Software13

RedhatCVE•added 2026/03/27 2:26 p.m.•6 views

CVE-2021-27214

A Server-side request forgery SSRF vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting XSS attack against the administrative interface via an HTTP...

10CVSS6.4AI score0.07302EPSS

Exploits1References1

CISA KEV Catalog•added 2026/03/09 12:0 a.m.•6 views

Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability

Ivanti Endpoint Manager EPM contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data...

8.6CVSS5.8AI score0.58921EPSS

In wildExploits0

RedhatCVE•added 2026/01/09 12:36 p.m.•7 views

CVE-2023-49140

Denial-of-service DoS vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service DoS condition may occur...

7.5CVSS7AI score0.00573EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:35 p.m.•4 views

CVE-2023-49143

Denial-of-service DoS vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service DoS condition may occur...

7.5CVSS7AI score0.00573EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:9 a.m.•6 views

CVE-2019-11608

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/renamefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable...

8.2CVSS6.6AI score0.01309EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:27 a.m.•6 views

CVE-2023-31927

An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface...

5.3CVSS6.5AI score0.00408EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:45 a.m.•7 views

CVE-2022-38202

There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below. Successful exploitation may allow a remote, unauthenticated attacker traverse the file system to access files outside of the intended directory on ArcGIS Server. This could lead to the disclosure of sensitive...

7.5CVSS6.4AI score0.00692EPSS

Exploits0References1

RedhatCVE•added 2026/01/01 10:28 p.m.•3 views

CVE-2025-67711

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS6.7AI score0.00027EPSS

Exploits0References1

CVE•added 2025/12/31 10:18 p.m.•5 views

CVE-2025-67710

CVE-2025-67710 refers to a stored cross-site scripting vulnerability in Esri ArcGIS Server versions prior to 11.4 on Windows and Linux. The Red Hat and ENISA/CNNVD entries echo the same description: a remote, unauthenticated attacker can store files containing malicious code that may execute in a...

6.1CVSS6.3AI score0.00027EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2025/12/24 12:0 a.m.•3 views

PT-2025-53377

Name of the Vulnerable Software and Affected Versions affected versions not specified Description A remote, unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands. The attack involves accessing an API endpoint that allows f...

8.7CVSS7.6AI score0.0023EPSS

Exploits0References6

VulnCheck KEV•added 2025/11/10 12:0 a.m.•2 views

VulnCheck KEV: CVE-2021-4462

Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side...

9.8CVSS6AI score0.18369EPSS

In wildExploits2References80

RedhatCVE•added 2025/10/22 1:12 a.m.•5 views

CVE-2025-6542

An arbitrary OS command may be executed on the product by a remote unauthenticated attacker...

9.8CVSS7.3AI score0.00146EPSS

Exploits0References1

CNNVD•added 2025/10/21 12:0 a.m.•2 views

TP-Link Omada gateways 安全漏洞

TP-Link Omada gateways is a security gateway from China P&L TP-Link. A security vulnerability exists in TP-Link Omada gateways that originates from a remote unauthenticated attacker who could execute arbitrary OS commands...

9.8CVSS7.6AI score0.00146EPSS

Exploits0References4