CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

17189 matches found

Mosparo < 1.0.2 - Open Redirect

Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. id: CVE-2023-5375 info: name: Mosparo 1.0.2 - Open Redirect author: shankaracharya severity: medium description: | Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. impact: | Unauthenticated attackers can exploit...

6.1CVSS5.8AI score0.433EPSS

Exploits1References4

Nuclei•added 6 hours ago•19 views

ArgoCD Project API Token Repository Credentials Exposure

Argo CD API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwords through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets. This vulnerability...

9.9CVSS6AI score0.05376EPSS

Exploits1References3

Nuclei•added 6 hours ago•28 views

phpMyFAQ < 3.2.0 - Cross-site Scripting

Cross-site Scripting XSS Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2. id: CVE-2023-5863 info: name: phpMyFAQ ' - 'phpMyFAQ' condition: and - type: word part: header words: - "tex...

7.4CVSS6.8AI score0.06224EPSS

Exploits1References2

Nuclei•added 6 hours ago•36 views

Imgproxy < 3.14.0 - Cross-site Scripting (XSS)

Cross-site Scripting XSS - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0. id: CVE-2023-1496 info: name: Imgproxy 3.14.0 - Cross-site Scripting XSS author: pdteam severity: medium description: Cross-site Scripting XSS - Reflected in GitHub repository imgproxy/imgproxy prior to...

6.5CVSS6.4AI score0.39772EPSS

Exploits1References2

Nuclei•added 6 hours ago•27 views

Froxlor < 0.10.38.2. - HTML Injection

HTML Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. id: CVE-2022-3869 info: name: Froxlor TEST" matchers-condition: and matchers: - type: word part: body words: - 'The message to ""TEST" failed' - type: word part: header words: - "text/html" - type: status status: - 200 d...

6.5CVSS6.5AI score0.14857EPSS

Exploits1References2

RedhatCVE•added yesterday•5 views

CVE-2026-5241

A flaw was found in python-transformers. An attacker can exploit this vulnerability by providing a malicious model repository. During model initialization, the trustremotecode parameter, intended to prevent remote code execution, is overridden by untrusted configuration data. This allows the...

8CVSS7.6AI score

Exploits0References5

OSV•added yesterday•1 views

ROOT-APP-PYPI-CVE-2026-34515 CVE-2026-34515 in rootio-aiohttp - Patched by Root

Root has patched CVE-2026-34515 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.2AI score0.00021EPSS

Exploits0

OSV•added yesterday•1 views

ROOT-APP-PYPI-CVE-2026-34519 CVE-2026-34519 in rootio-aiohttp - Patched by Root

Root has patched CVE-2026-34519 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.2AI score0.00053EPSS

Exploits0

NVD•added yesterday•3 views

CVE-2024-47263

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive informati...

4.1CVSS

Exploits0References1

CVE•added yesterday•4 views

CVE-2024-47263

CVE-2024-47263 affects Synology Hyper Backup’s Backup.Repository webapi component. The vulnerability is a path traversal in versions prior to 4.1.2-4036 that allows remote authenticated users with administrator privileges to write specific files containing non-sensitive information through unspec...

4.1CVSS5.8AI score

Exploits0References1

Cvelist•added yesterday•18 views

CVE-2024-47263

4.1CVSS

Exploits0References1

Nuclei•added yesterday•20 views

FOSSBilling < 0.5.3 - Cross-Site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4. id: CVE-2023-3521 info: name: FOSSBilling &datefrom='" HTTP/1.1 Host: Hostname matchers-condition: and matchers: - type: word part: body words:...

6.1CVSS6.1AI score0.18964EPSS

Exploits1References2

Nuclei•added yesterday•73 views

Hestiacp <= 1.7.7 - Cross-Site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. id: CVE-2023-3479 info: name: Hestiacp = 1.7.7 - Cross-Site Scripting author: edoardottt severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository hestiacp/hestiacp prior to...

6.1CVSS5.8AI score0.23521EPSS

Exploits1References3

Nuclei•added yesterday•63 views

Structurizr on-premises - Cross Site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository structurizr/onpremises prior to 3194. id: CVE-2023-5556 info: name: Structurizr on-premises - Cross Site Scripting author: shankaracharya severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository...

6.1CVSS6.1AI score0.27325EPSS

Exploits1References3

Positive Technologies•added yesterday•4 views

PT-2026-45930

4.1CVSS5.8AI score

Exploits0References2

IBM Security Bulletins•added 2 days ago•3 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Service Registry and Repository due to April 2026 CPU

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in April 2026. These issues are also addressed by WebSphere Application Server shipped with WebSphere...

7.5CVSS7.2AI score0.00154EPSS

Exploits0Affected Software1

NVD•added 2 days ago•4 views

CVE-2026-42795

Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers gleamfiles, nativefiles, privatefiles in compiler-cli/src/fs.rs use followlinkstrue when walking publishable directories...

5.1CVSS0.00014EPSS

Exploits0References4

EUVD•added 2 days ago•5 views

EUVD-2025-210017

In performPreInstallChecks of InstallRepository.kt, there is a possible way to bypass MDM policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00007EPSS

Exploits0References2

Positive Technologies•added 2 days ago•4 views

PT-2026-45783

Name of the Vulnerable Software and Affected Versions OpenMed versions prior to 1.5.2 Description Remote code execution is possible in the PII privacy-filter model loading path. The privacy-filter dispatcher uses broad substring matching on the user-supplied model name parameter, which allows a...

9.8CVSS6.2AI score0.00236EPSS

Exploits0References7

Cvelist•added 3 days ago•22 views

CVE-2025-48652

0.00007EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by