CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

475 matches found

Positive Technologies•added 2026/05/19 12:0 a.m.•6 views

PT-2026-41844

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with...

5.7AI score0.00192EPSS

Exploits0References2

Virtuozzo•added 2026/04/21 12:0 a.m.•6 views

Virtuozzo Infrastructure 7.3 Hotfix 1 (7.3.0-177)

This update provides stability fixes. Vulnerability id: VSTOR-127496 Improved error messages for QEMU updates. Vulnerability id: VSTOR-128436 Creating a load balancer could fail with "Unable to find securitygroup". Vulnerability id: VSTOR-129065 Neutron could consume excessive memory when listing...

5.7AI score

Exploits0

Circl•added 2026/04/02 5:0 p.m.•1 views

CVE-2025-68262

creationtimestamp| type| source ---|---|--- 2026-04-02 17:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0397/ 2026-04-07 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities20260408...

5.9AI score0.00024EPSS

Exploits0References2

Veracode•added 2026/04/01 9:53 a.m.•1 views

Improper Access Control

Cilium is vulnerable to improper access control. The vulnerability is due to missing validation of non-existent or unattached AWS security group IDs in egress policies, which allows an attacker to gain broader outbound network access than intended by the policy configuration...

5.5CVSS7.1AI score0.00007EPSS

Exploits0References2Affected Software2

RedhatCVE•added 2026/01/09 8:40 a.m.•3 views

CVE-2022-26043

An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests t...

7.5CVSS6.6AI score0.00268EPSS

Exploits1References1

vulnersOsv•added 2026/01/08 9:46 p.m.•1 views

aws-sg-cleanup (>=0.1.0 <=0.1.3), query-rds-data (>=2.0.0 <=2.0.1) potentially affected by unknown CVE via aws-sdk-rds (=0.15.0)

aws-sdk-rds CARGO version =0.15.0 is affected by a known vulnerability. The following packages have a transitive dependency on aws-sdk-rds and may be impacted: - aws-sg-cleanup =0.1.0, =2.0.0, =2.0.1 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...

5.8AI score

Exploits0

vulnersOsv•added 2026/01/08 9:46 p.m.•0 views

aws-sg-cleanup (>=0.1.0 <=0.1.3) potentially affected by unknown CVE via aws-sdk-elasticache (=0.15.0)

aws-sdk-elasticache CARGO version =0.15.0 is affected by a known vulnerability. The following packages have a transitive dependency on aws-sdk-elasticache and may be impacted: - aws-sg-cleanup =0.1.0, =0.1.3 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...

5.8AI score

Exploits0

SUSE CVE•added 2026/01/06 12:25 a.m.•4 views

SUSE CVE-2025-64715

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network...

5.5CVSS6.8AI score0.00007EPSS

Exploits0References2

Snyk•added 2025/12/01 6:59 p.m.•1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the policy evaluation process when egress.toGroups.aws.securityGroupsIds references AWS security group IDs that do not exist or are not attached to any network interface. An attacker can gain broader outbound...

5.5CVSS6.9AI score0.00007EPSS

Exploits0References2

OSV•added 2025/12/01 6:59 p.m.•1 views

GHSA-38PP-6GCP-RQVM Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic

Impact CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network interface may unintentionally allow broader outbound access than intended by the policy authors. In such cases, the toCIDRset sectio...

4CVSS6.8AI score0.00007EPSS

Exploits0References7

Vulnrichment•added 2025/11/29 12:11 a.m.•1 views

CVE-2025-64715 Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic

4CVSS6.4AI score0.00007EPSS

Exploits0References5

CNNVD•added 2025/11/29 12:0 a.m.•2 views

Cilium 访问控制错误漏洞

Cilium is an open source software from Cilium Open Source. It is used to provide and transparently protect network connectivity and load balancing between application workloads such as application containers or processes. An Access Control Error vulnerability exists in Cilium versions prior to...

5.5CVSS6.4AI score0.00007EPSS

Exploits0References6